i tried to make file and printer sharing open to the internet on NT3.51 in 1998, but it just refused to actually ever work.
What are the IP ports and protocols that must be port-forwarded to make file and printer sharing available to the internet?
Reading KB298804 – Internet firewalls can prevent browsing and file sharing, it says that there are two port ranges:
- Microsoft file sharing SMB: Port 135-139 (TCP and UDP)
- Direct-hosted SMB traffic without NetBIOS: Port 445 (TCP and UDP)
Attempts so far
i open those port ranges on my router, NATting them to my desktop machine, but i cannot access them from the outside:
Other machines on the LAN can access the shares.
Packet capture on the router shows that the traffic is reaching my home machine. My work machine is trying to connect direct (without NetBIOS). Then it pings, and then it frantically keeps trying other ports:
IP/TCP 69.59.196.211:445 <== 216.8.139.6:59763 tcp 0
IP/ICMP 69.59.196.211 <== 216.8.139.6 ICMP echo request
IP/ICMP 69.59.196.211 ==> 216.8.139.6 ICMP echo reply
IP/TCP 69.59.196.211:139 <== 216.8.139.6:59764 tcp 0
IP/TCP 69.59.196.211:445 <== 216.8.139.6:59763 tcp 0
IP/TCP 69.59.196.211:139 <== 216.8.139.6:59764 tcp 0
IP/TCP 69.59.196.211:445 <== 216.8.139.6:59763 tcp 0
IP/TCP 69.59.196.211:139 <== 216.8.139.6:59764 tcp 0
Then i tried disabling the Windows Firewall completely, to see if it was the culprit:
And disabling the firewall completely worked.
So what settings on the Windows Firewall will allow File and Printer sharing from all networks, not just the local network?
i stumbled across a page that lists all the rules. The port 445 traffic is only allowed from the Local subnet. i'd like to change it to Any, but the rule does not look editable:
So the question becomes how to allow port 445 traffic from Any remote address, not just the Local subnet?
Answer
i found the spot where you can enable direct-hosted SMB traffic to allow traffic from any remote host (by default it limits to local subnet):
The important points are:
- Incoming Rules
- File and Printer Sharing (SMB-in) (Private Profile)
- Scope. Remote Address: Any
There are multiple rules called "File and Printer Sharing (SMB-in)":
- File and Printer Sharing (SMB-in) (Private Profile)
- File and Printer Sharing (SMB-in) (Public Profile)
- File and Printer Sharing (SMB-in) (Domain Profile)
These profiles correspond to your selection of a network's location:
- Home ==> Private profile
- Work ==> Private profile
- Public ==> Public profile
and if you joined a domain, then the profiles are configured through the domain admin
- domain ==> Domain profile
Self-learner. Guide exists here for anyone else who wants to open their machine's file sharing to the internet (Yeah right).
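A check for the setting the answer above changes, as an added example that is not part of the original posts: it parses a rule listing in the shape of `netsh advfirewall firewall show rule name=all verbose` and reports, per profile, which enabled inbound allow rules accept ports 139/445 from any remote address. The sample listing is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample shaped like English-locale output of
# `netsh advfirewall firewall show rule name=all verbose`, trimmed to the
# fields read below. Not captured from a real host.
SAMPLE = """\
Rule Name:        File and Printer Sharing (SMB-In)
Enabled:          Yes
Direction:        In
Profiles:         Private
RemoteIP:         Any
LocalPort:        445
Action:           Allow

Rule Name:        File and Printer Sharing (SMB-In)
Enabled:          Yes
Direction:        In
Profiles:         Public
RemoteIP:         LocalSubnet
LocalPort:        445
Action:           Allow

Rule Name:        File and Printer Sharing (NB-Session-In)
Enabled:          No
Direction:        In
Profiles:         Private
RemoteIP:         Any
LocalPort:        139
Action:           Allow
"""

SMB_PORTS = {"139", "445"}  # NetBIOS session and direct-hosted SMB

def parse_rules(text):
    """Split the listing into one dict of field -> value per rule."""
    blocks = re.split(r"\n\s*\n", text.strip())
    return [dict(re.findall(r"^([^:\n]+):[ \t]*(.*?)[ \t\r]*$", b, re.M)) for b in blocks]

def internet_facing_smb(rules):
    """Enabled inbound allow rules on 139/445 whose remote scope is Any."""
    hits = []
    for r in rules:
        ports = {p.strip() for p in r.get("LocalPort", "").split(",")} & SMB_PORTS
        if ports and (r.get("Enabled"), r.get("Direction"), r.get("Action"),
                      r.get("RemoteIP")) == ("Yes", "In", "Allow", "Any"):
            hits.append((r.get("Rule Name"), r.get("Profiles"), sorted(ports)))
    return hits

if __name__ == "__main__":
    print(internet_facing_smb(parse_rules(SAMPLE)))
```

Only the Private-profile SMB-In rule is reported for the sample: the Public-profile rule is still scoped to LocalSubnet and the NB-Session-In rule is disabled.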
Best Answer
Just looking at my machine here (unfortunately XP so admittedly not the same), if I go into the exceptions tab in firewall settings, and edit the "File and Printer Sharing" entry, there is an option to "Change Scope". This presents you with the following three options:
Can you confirm that the port ranges you mentioned are all present in the list when you edit the File and Printer Sharing entry, and that their scopes are all set to Any?
Update: If you go to "Windows Firewall with Advanced Security" by clicking "Advanced Settings" from the left hand column on the Firewall homepage in Control Panel, you may be able to find the rule in question and edit its scope from there.
Update 2: Just seen your new screenshot, can you not change the rule from the other tabs? They both sound potentially useful!