NetBios over TCP/IP

[Marco Trapanese]

Hello,

I'm sorry if my English isn't so good, I hope it's good enough to
explain my problem.

What I have got:

- A LAN with winXP machines behind a router
- The router is connected to the Internet
- A lan drive (samba server) is connected to the router

DHCP is disabled.

When I am in the LAN I can browse the lan drive through NetBT typing
\\landrivename in the address bar.

I want to do the same using a remote PC anywhere over the Internet and a
dynamic DNS.

What I done:

- activated a DDNS service
- configured the router to forward: UDP 137:139 and TCP 139 to the lan drive


I don't know how to tell IE (or other browsers) to use NetBT protocols.
If I type: "myip.ddns.address" the browser assumes it's an http request
and hence uses the port 80. In this case the router administration page
will answer.

smb:\\myip.ddns.address doesn't work as well as myip.ddns.address:139

I'd try to do a request on a port and configure the router to forward on
another one. But I'm afraid I can't do this in my digicom router.

Maybe there is a straight way but I can't see it.

Please, may you help me?

Thanks
Marco / iw2nzm

 

[James Snell]

Hi Marco

The short answer is that you're using the wrong program. Internet Explorer
makes HTTP requests as that is the job of an internet browser (to request and
display hypertext documents). Instead you need Windows explorer, so open up
"my computer" or run explorer.exe and put into the address bar
//myip.ddns.address and you should be fine.

Alternatively, IE should respond to file:\\myip.ddns.address and switch over
to windows explorer for you.


* If you want to make accessing things to be "as if you were on the lan"
then you might be better off looking at setting up a VPN server on your
server that way you don't have to open so many ports.

 

[Marco Trapanese]

James Snell ha scritto:

Hi Marco

The short answer is that you're using the wrong program. Internet Explorer
makes HTTP requests as that is the job of an internet browser (to request and
display hypertext documents). Instead you need Windows explorer, so open up
"my computer" or run explorer.exe and put into the address bar
//myip.ddns.address and you should be fine.

James,

typing "\\landrive" (where landrive is the name of my external drive)
both in Internet Explorer or in 'my computer' gives the same result. In
fact, I can browse my hard-disk.

Alternatively, IE should respond to file:\\myip.ddns.address and switch over
to windows explorer for you.

It works if I use the LAN as above. Using the DDNS or directly the IP
address neither IE nor windows explorer can connect to the drive.

Can you confirm I don't need to forward other ports?

* If you want to make accessing things to be "as if you were on the lan"
then you might be better off looking at setting up a VPN server on your
server that way you don't have to open so many ports.

This is sound new to me. And it sounds interesting indeed.
Before I start searching documentation on google I ask you if with a VPN
server I can access to my lan drive from any machine connected to the
Internet. In other words, do I need a specific software or windows can
do the job?

Thanks again
Marco / iw2nzm

 

[John Wunderlich]

James Snell ha scritto:


James,

typing "\\landrive" (where landrive is the name of my external
drive) both in Internet Explorer or in 'my computer' gives the
same result. In fact, I can browse my hard-disk.



It works if I use the LAN as above. Using the DDNS or directly the
IP address neither IE nor windows explorer can connect to the
drive.

Can you confirm I don't need to forward other ports?



This is sound new to me. And it sounds interesting indeed.
Before I start searching documentation on google I ask you if with
a VPN server I can access to my lan drive from any machine
connected to the Internet. In other words, do I need a specific
software or windows can do the job?

Thanks again
Marco / iw2nzm

Details about your network topology are missing.

If your machines are behind a DSL/Cable (NAT) Router, then only
outgoing connections may be established unless you have properly port-
forwarded necessary ports to a specified machine. If the machine you
are trying to connect to at the other end of the internet is also
behind a NAT router, then a direct connection would be difficult
without proper port forwarding on the routers at both ends.

The best approach here would be to establish a VPN connection to the
destination router over the internet. Once a VPN connection is
established, you can almost treat the remote machine as if it were
local.

HTH,
John

 

[Marco Trapanese]

John Wunderlich ha scritto:

Details about your network topology are missing.

It's very simple:

+ my PC (192.168.0.2/24)
+ the lan drive (192.168.0.254/24)

both are connected to the DSL router (192.168.0.1/24). No DHCP, IP
addresses are inserted by hand.

If your machines are behind a DSL/Cable (NAT) Router, then only
outgoing connections may be established unless you have properly port-
forwarded necessary ports to a specified machine.

In the configuration page of my router I forwarded the incoming traffic
on TCP 139/445 and UDP 137:139 ports to the lan drive. So I guess
incoming connection are possible, aren't they?

If the machine you
are trying to connect to at the other end of the internet is also
behind a NAT router, then a direct connection would be difficult
without proper port forwarding on the routers at both ends.

Currently I'm trying to connect my own machine to the lan drive through
the Internet. outgoing connection are always allowed by the router so
the only obstacle should be the incoming forwarding rules.

The best approach here would be to establish a VPN connection to the
destination router over the internet. Once a VPN connection is
established, you can almost treat the remote machine as if it were
local.

I'll give it a try. Anyway, also in this case I need to setup the remote
router (if any) to properly forward the necessary ports to allow VPN
traffic, I bet.

Thanks
Marco / iw2nzm

 

[John Wunderlich]

John Wunderlich ha scritto:


It's very simple:

+ my PC (192.168.0.2/24)
+ the lan drive (192.168.0.254/24)

both are connected to the DSL router (192.168.0.1/24). No DHCP, IP
addresses are inserted by hand.



In the configuration page of my router I forwarded the incoming
traffic on TCP 139/445 and UDP 137:139 ports to the lan drive. So
I guess incoming connection are possible, aren't they?

It appears that you have things set up properly. Incoming connections
should be possible.

Also keep in mind that some ISPs block these ports, figuring that it
caries a high potential for abuse.

Currently I'm trying to connect my own machine to the lan drive
through the Internet. outgoing connection are always allowed by
the router so the only obstacle should be the incoming forwarding
rules.

I assume you are trying to connect from an internet machine outside
your LAN. I don't know if routers can handle internal packets looping
back in.

Just to remove the DNS from the equation, you might want to put an
entry for your Lan drive into the LMHOSTS file (there should be a
sample file "lmhosts.sam" that you can copy and save as "lmhosts" (no

I'll give it a try. Anyway, also in this case I need to setup the
remote router (if any) to properly forward the necessary ports to
allow VPN traffic, I bet.

If the router supports VPN, you will actually VPN to the router itself
which will then place you as another device on its local LAN.

Good luck,
-John

 

[Marco Trapanese]

John Wunderlich ha scritto:

Also keep in mind that some ISPs block these ports, figuring that it
caries a high potential for abuse.

Yeah, I'll investigate on this.

I assume you are trying to connect from an internet machine outside
your LAN. I don't know if routers can handle internal packets looping
back in.

I'm sure they can, at least mine can. Last week I set up an ftp server
on my notebook, opening the related port on the router. Well, from
another PC *inside* the LAN I can access to the ftp typing ftp:\\myddns.

Now I'm trying to do the same thing with the file sharing protocol
instead of file transfer protocol. I bet you're right about ISP.

Just to remove the DNS from the equation, you might want to put an
entry for your Lan drive into the LMHOSTS file (there should be a
sample file "lmhosts.sam" that you can copy and save as "lmhosts" (no
extension) with your name <-> IP address connection information added
to it.

I did this last night.

If the router supports VPN, you will actually VPN to the router itself
which will then place you as another device on its local LAN.

Good luck,

Very appreciated, thanks

Marco / iw2nzm

 

[Marco Trapanese]

Marco Trapanese ha scritto:

Now I'm trying to do the same thing with the file sharing protocol
instead of file transfer protocol. I bet you're right about ISP.

After a brief search I find out the TCP 139 and 445 ports are "filtered"
by my ISP. So I guess I can't do what I want

Marco / iw2nzm

 

[John Wunderlich]

Marco Trapanese ha scritto:



After a brief search I find out the TCP 139 and 445 ports are
"filtered" by my ISP. So I guess I can't do what I want

You may want to continue to investigate the VPN solution. Since a
level of security is built-in, ISPs don't often block VPN ports.

-- John

 

[Marco Trapanese]

John Wunderlich ha scritto:

You may want to continue to investigate the VPN solution. Since a
level of security is built-in, ISPs don't often block VPN ports.

Yes, I'll do this.
Anyway, I need to configure *each* machine I want to connect from. In my
mind this should be avoided. Just type the address and insert username
and password. That's all.

Perhaps I ask too much to current Internet technology

Marco / iw2nzm