Windows file shares and firewall

[Povl H. Pedersen]

We have a problem with windows file shares, and out new internal
firewall (packet filters between segments).

The problem is, that after x minutes (x>10) when users uses any
ressource on a network drive (like an icon on the desktop), it will
take 10-30 seconds extra for them.

We have permitted port 135+137-139+445 from the client to the server
segment. We drop unwanted packets (without sending info back to
sender)

And it normally works, except in the timeout situations.

Our network people found out at one location, that opening port 80 to
the servers (which are not running webservers), the problem seems to
be solved. They probably get a "Connection Refused" back, and falls
back to using the protocols they are supposed to.

Only special thing here is a firewall client. Disabling that makes no
difference.

What is going on here ?

 

[Phillip Windell]

We have permitted port 135+137-139+445 from the client to the server
segment. We drop unwanted packets (without sending info back to
sender)

I don't know about the specific problem,..but after allowing these ports
you've pretty much nullified any reason to bother with Layer4 Filtering to
begin with. There really isn't anything else left at the Layer4 level (TCP,
UDP, SPX) to block that is worth worrying about. All that is left is Layer3
Filtering that you could do with a simple LAN router and wouldn't need the
Firewall,...which replacing the Firewall with a LAN router in of itself may
cure your problem. Even a normal LAN router could filter what little
remaining Layer4 possibilities their might be.