Re: Windows File Sharing with IPCop
From: j.mickerts@gmx.netDate: 08/22/02
- Previous message: Mitchel Chapman: "MS02-042 Patch on win2k pro kills capability to map to default sh ares"
- In reply to: Bryan Ponnwitz: "Re: Windows File Sharing with IPCop"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Bryan Ponnwitz" <bponnwit@btboces.org>, <focus-ms@lists.securityfocus.COM> From: j.mickerts@gmx.net Date: Thu, 22 Aug 2002 20:26:33 +0200
Hi,
basically, you should be able to telnet port 445 on the windows host from
the same network. The same should be true from the other side of the
firewall. If it does not work, you should first check whether it is just a
simple routing problem. To check this you should allow icmp to ping the
server. If that works, or you can access any other service on the machine,
this is done. If you can forward other ports, but not 445, you still may
have the firewall blocking this for some reason. Then you should really
check the logs of the firewall, and maybe share some information found
there. You should consider to allow kerberos (Port 88 upd/tcp) as well.
Even if you do IP-Filtering Kerberos will be allowed by default, and
somehow you should authenticate. One way if Lanman (137+138upd, 139tcp),
the other is Kerberos.
For PPTP I assume you allowed port 1723 but forgot to allow GRE, which is
IP Protocol 47 (do not mess this up with tcp or upd ports).
Kind regards,
Jens Mickerts
"Bryan Ponnwitz" <bponnwit@btboces.org>
22.08.2002 15:32
To
<focus-ms@lists.securityfocus.COM>
cc
Subject
Re: Windows File Sharing with IPCop
I listened to your advise and here are the following changes that I
made:
1) I changed the SSL server running on the firewall to run on port 443
instead of 445 to avoid any confilct.
2) I attempted to open ports 135-139 udp and tcp and there was no
effect.
3) To see if I needed RPC or not, I enabled IP Filtering on the WinXP
machine and only allow port 445 for tcp and udp. I'm able to connect to
the test share I have setup with no problem from within the firewalled
network, but still cannot connect externally.
Any more ideas at this point? It would appear that all I have to do is
forward port 445 for it to work. So, I instead tried to setup the WinXP
machine to accept incoming PPTP connections so that I can connect that
way. But when I try to connect to the computer via PPTP, I get one of
the following errors:
1) TCP/IP reported error 733: Your computer and the remote computer
could not agree on PPP control protocols.
2) Error 6: The handle is invalid.
3) Error 668: The connection was terminated.
Now what the heck is the problem?
Bryan Ponnwitz
Webmaster - Broome-Tioga Boces
bponnwit@btboces.org
(607) 763-3609
- Previous message: Mitchel Chapman: "MS02-042 Patch on win2k pro kills capability to map to default sh ares"
- In reply to: Bryan Ponnwitz: "Re: Windows File Sharing with IPCop"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
