Filesharing over ports 445 and 139

Discussion in 'LnS English Forum' started by act8192, Sep 14, 2011.

Thread Status:
Not open for further replies.
  1. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,484
    Lns 2.0.7, Phant0m rules 008.5r1, WinXP-SP3.
    Under 008.4 I had to make me rules for filesharing to supplement P-rules for WinF&P sharing. No problems. It worked fine.
    But since I've just started clean LnS, and with a better Advanced options list, I wanted to see which, if any, of my port 139 and 445 rules really must be in for the LAN.
    It appears that I still have to drag them in, what do you think?

    Details: Each computer has mapped drives to another, both by computer name and by IP. Both set to reconnect at logon.
    Both computers' TCP/IP properties permit NetBIOS over wired connections.
    This log is from the moment the other computer (.63) booted. All TCP incoming packets have an "S" flag on them.
    139and445.png

    Packets 17-34 are during the other box booting, where packets 21-28 are netbios broadcasts from .63 to 192.168.54.255.
    Packets 40-45 are when I want to connect from the other computer to me and Windows says that an error occurred while reconnecting to \\myIP\directory or for \\compName\directory it says No network found.

    I have no problem connecting out and using the specified directories on .63.

    It's not terribly important, but I thought I'd ask anyway.

    Edit @7:30pm
    In several firewalls I used, I always included ports 135,137-139,445 for LAN sharing since M$ played with NetBIOS and its 445 replacement (maybe). Might that be included in the P-rules as well, by default? Or is it a security issue of some sort?
     
    Last edited: Sep 14, 2011
  2. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    Hi act8192,

    Try the update.
     
  3. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,484
    Sounds great to be able to eliminate 2 rules, thanks :)
    But, I'm having problem installing
    .zip md5 matches so I don't know what to check to make it work.
     
  4. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,484
    Never mind. It installed. It turns out I had to reenter serial even though it was prefilled on the dialog.
     
  5. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,484
    I think we're looking good, thanks Phant0m :)
    Filesharing-ok.png
    I pasted in view from the other box in the bottom corner.
    I assume incoming is permitted only for my LAN in the details of the new Win F&P... rules, correct?
     
  6. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    Regarding the ‘-Microsoft-DS’ rule blocking the wanted LAN sharing, this rule was a newer addition to silently block Microsoft-DS traffic coming from the web. However it was using ‘IP : Address’ criteria ‘In Range’ or ‘Mask’ (depending on ForceConfig.ini Network settings) instead of ‘Out range’ and ‘Not Mask’ on LAN Microsoft-DS packets. The ‘Win.F&P Sharing_Microsoft-DS*’ was for accepting the wanted LAN Microsoft-DS packets, but these packets were stopped first by ‘-Microsoft-DS’.

    If the saved serial was wrong, you wouldn’t get to the next screen where it retrieves information, ‘? Failure to save Ruleset file.’ was likely from the file being temporarily locked.


    I released a revised version.
     
  7. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,484
    Phantom, I'm glad you're around again. A bit of setback here. While the Windows computer could connect to my share, the linux mint computer could not until I brought back one of my rules. Might be the high ports they're coming from. All these packets are just Synch flag.
    MintCantConnect(P-rules).png
     
  8. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    You didn't get the update did you? ;)
     
  9. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,484
    oops, you mean from post#6? no, 'cause I just logged in probably seconds after you did. I saw the sentence and thought it might still refer to 008.6. But basically was trying to carefully read and understand your story about M$-DS. I'll report back tomorrow after the new release.

    edit: but if there was the block as you described, why did it work with the windows computer connecting to me?

    edit2: won't this be the same story then with -TCP block incoming followed by TCP allow out? o_O
     
    Last edited: Sep 15, 2011
  10. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    If you are in reference to the Build 008.6, because there was a fix.
     
  11. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,484
    Using 008.6r1 - as before in post#7, for some reason we're blocking the linux computer incoming connection attempts.
    Phant0m, if you've run out of patience with me, just say it, 'cause I can import my previous 139,445 incoming rule and be done with it :)
     
  12. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    That is probably linked to using Look ‘n’ Stop ‘Local In’ criteria for dynamic ports, can you go into a standard rule that shows ‘Local In’ port range and see if the blocked packets are outside this range?
     
  13. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    I think your PC that Look 'n' Stop is installed on is using dynamic range 1024-5000, Linux is using a wider dynamic range.
     
  14. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,484
    I know they come in from high numbered ports.
    Which rule should I look at, please?

    edit: TCP authorize communication has no port restriction on the remote
     
  15. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    View the rule 'Win.Remote Desktop Connection'
     
  16. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,484
  17. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    heh u done it wrong ... regarding attaching files in specific places on a post. ;)
     
  18. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,484
  19. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    Export the rule 'Win.F&P Sharing_Microsoft-DS, HTTP, NetBIOS-s' and send it and I will remove the port range or widen the range to your specifications (if you know highest dynamic port ever used).
     
  20. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,484
    yah, I know I messed up the attachments :)
     
  21. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,484
    ok, will export and email
     
  22. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    e-mail responded.
     
  23. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,484
    And done well
    MintConnections.png
    it now works sharing my files by the linux box and my computer continues to see the linux share. Thank you for the speedy job :)
     
  24. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,721
    Location:
    Canada
    You are certainly welcome act8192.
     
  25. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,484
    Phant0m rules 008.8 contain the old, unmodified, Win. F&P sharing rule. Whether by design or not, I don't know.
    I had to import the new, good, rule into the 008.8 setup. I mention this because Windows7 or Vista users might need this rule with the remote ports range changed.
    One potential problem - When Phant0m worked on it, I suggested ports range above 40000 (thinking of 49152 :)), but saw the other day something in the 39 thousand range. I don't really know what the "normal" range for linux is, but it's worth keeping in mind that some further adjustment might be needed.
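
The two failures discussed in this thread (the '-Microsoft-DS' block rule matching LAN sources ahead of the 'Win.F&P Sharing_Microsoft-DS*' allow rule, and the allow rule's remote port range being narrower than the Linux client's dynamic ports) can be reproduced with a small first-match rule model. This is an added example, not part of the thread and not Look 'n' Stop's rule engine; the /24 mask, the Linux and internet addresses, the sample source ports, the 65535 upper bound and the default-block fallthrough are assumptions made for illustration.

```python
# Added illustration of first-match rule evaluation; not Look 'n' Stop's engine.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.54.0/24")  # assumed /24, from the thread's .255 broadcast

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "allow" or "block"
    match_lan: bool                   # True: source inside LAN; False: outside
    remote_ports: tuple = (0, 65535)  # inclusive remote (source) port range

def evaluate(rules, src_ip, src_port, dst_port):
    """Inbound TCP SYN to a local SMB port: the first matching rule wins."""
    if dst_port not in (139, 445):
        return ("block", "default")
    in_lan = ip_address(src_ip) in LAN
    for r in rules:
        lo, hi = r.remote_ports
        if r.match_lan == in_lan and lo <= src_port <= hi:
            return (r.action, r.name)
    return ("block", "default")       # assumed fallthrough: nothing matched

ALLOW = "Win.F&P Sharing_Microsoft-DS*"
# 1. Block rule with inverted address criteria: it matches LAN sources first.
INVERTED = [Rule("-Microsoft-DS", "block", True),
            Rule(ALLOW, "allow", True, (1024, 5000))]
# 2. Criteria corrected; allow rule still limited to remote ports 1024-5000.
NARROW = [Rule("-Microsoft-DS", "block", False),
          Rule(ALLOW, "allow", True, (1024, 5000))]
# 3. Remote port range widened (upper bound 65535 is an assumption).
WIDE = [Rule("-Microsoft-DS", "block", False),
        Rule(ALLOW, "allow", True, (1024, 65535))]

# Constructed sample packets: (label, source IP, source port, destination port)
PACKETS = [
    ("windows-lan", "192.168.54.63", 1036, 445),
    ("linux-lan", "192.168.54.70", 39512, 445),
    ("internet", "203.0.113.9", 40000, 445),
]

def verdicts(rules):
    """Map each sample packet label to (action, name of the deciding rule)."""
    return {label: evaluate(rules, ip, sp, dp) for label, ip, sp, dp in PACKETS}

if __name__ == "__main__":
    for name, rs in (("inverted", INVERTED), ("narrow", NARROW), ("wide", WIDE)):
        print(name, verdicts(rs))
```

Widening the remote port range only loosens the allow rule for LAN sources; the internet packet is still dropped by '-Microsoft-DS' in both corrected rulesets.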
     