|>
|>Here's the deal. I need a non-Active Directory client to
|>map a drive across the WAN to an Active Directory Domain
|>Controller. Ok, I'm also using a Net Use batch file in
|>startup for the login/mapping to take place.
|>Batch file script:
|>net use f: \\172.17.1.200\NewFolder /user:(E-Mail Removed) password
|>
|> This works, but my router's Access List is blocking a few
|>ports. That will stop this from working in the
|>future. The access lists are as follows:
|>
|>access-list 115 deny tcp any any eq 135
|>access-list 115 deny udp any any eq 135
|>access-list 115 deny udp any any eq netbios-ns
|>access-list 115 deny udp any any eq netbios-ss
|>access-list 115 deny udp any any eq netbios-dgm
|>access-list 115 deny tcp any any eq 139*****
|>access-list 115 deny tcp any any eq 445
|>access-list 115 deny tcp any any eq 593
|>access-list 115 deny tcp any any eq 4444
|>access-list 115 permit ip any any
|>
|>
|>The port I narrowed down to was 139. The script will run
|>with all the ACLs in place except for that one DENY
|>statement that I have marked with the asterisks.
|>
|>My question, is there any way that I can get this login
|>batch to work on this 2000Pro client without using the 139
|>port? Changing the access-list is NOT an option, so I need
|>a work-around to have this batch file bypass the router
|>ACLs. I've tried using a LMHOST file which didn't seem to
|>work. LMHOST entry:
|>172.17.1.200 domaincontrl #PRE
|>
|> Any help would be appreciated. Let's see how good you
|>MCSEs and network gurus are on this one.
|>.
NetBIOS over TCP traditionally uses the following ports:
nbname 137/UDP
nbname 137/TCP
nbdatagram 138/UDP
nbsession 139/TCP
Direct hosted "NetBIOS-less" SMB traffic uses port 445 (TCP and UDP).
NT 4.0 and Win9x will always use port 139 for a netbios session (net use or
net view).
In Windows 2000, however, if both the direct hosted and NBT interfaces are
enabled, both methods are tried at the same time and the first to respond
is used.
In other words, you cannot block both port 139 and 445 if you want to map a
drive from and to a Windows 2000 system through a router. Since you are
mapping to an ip address instead of a netbios name, you will not need to
use lmhosts or wins for name resolution.
This article may be helpful to you as well:
179442 How to Configure a Firewall for Domains and Trusts
http://kb/article.asp?id=Q179442
This posting is provided "AS IS" with no warranties, and confers no rights.
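The reply's point can be checked against the posted access list. The following is an added example, not part of the original posts: a first-match evaluator for the "any any [eq port]" rule form used in ACL 115, reporting whether either SMB session transport (TCP 139 or TCP 445) can cross the router. The function names are illustrative, and only that rule form is handled.

```python
import re

# Cisco IOS port keywords that appear in the posted ACL.
NAMED_PORTS = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}

# ACL 115 as quoted in the question (the poster's asterisk marker removed).
ACL_115 = """\
access-list 115 deny tcp any any eq 135
access-list 115 deny udp any any eq 135
access-list 115 deny udp any any eq netbios-ns
access-list 115 deny udp any any eq netbios-ss
access-list 115 deny udp any any eq netbios-dgm
access-list 115 deny tcp any any eq 139
access-list 115 deny tcp any any eq 445
access-list 115 deny tcp any any eq 593
access-list 115 deny tcp any any eq 4444
access-list 115 permit ip any any
"""

RULE = re.compile(r"access-list\s+\d+\s+(permit|deny)\s+(ip|tcp|udp)"
                  r"\s+any\s+any(?:\s+eq\s+(\S+))?")

def parse_acl(text):
    """Return [(action, proto, port_or_None)] for 'any any [eq port]' rules."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE.fullmatch(line)
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto, port = m.groups()
        rules.append((action, proto, port and int(NAMED_PORTS.get(port, port))))
    return rules

def acl_permits(rules, proto, port):
    """First matching rule wins; an ACL ends with an implicit deny."""
    for action, rule_proto, rule_port in rules:
        if rule_proto in ("ip", proto) and rule_port in (None, port):
            return action == "permit"
    return False

def smb_transports(rules):
    """Which of the two SMB session transports can cross the router."""
    return {"nbt-139": acl_permits(rules, "tcp", 139),
            "direct-445": acl_permits(rules, "tcp", 445)}

def drive_mapping_possible(rules):
    # Per the reply: a Windows 2000 client needs at least one of 139 or 445.
    return any(smb_transports(rules).values())
```

With the list as posted, both transports are denied; dropping only the TCP 139 deny leaves the NBT session path open, which matches what the poster observed.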