Firewall rules to allow browsing across a workgroup
Does anyone have any recommendations regarding necessary firewall rules for browsing across a Windows workgroup inside the LAN ? I mainly want to share files and printers, without using a Domain Controller.
-
-
wildbill442
Forum Guru
- Posts: 1055
- Joined:
- Location: Sacramento, CA
Remove any rules that drop NetBIOS traffic (TCP/UDP 135-139). Enter the following two rules in your forward chain above any "drop all incoming" rules..
Here are some other things to look into on the client's.
How To Share Files and Folders over a Network for Workgroups in Windows Server 2003:
http://support.microsoft.com/default.as ... -us;323420
You will also have problems browsing a peer to peer windows network if all of the computers in a peer-to-peer workgroup do not have a common networking protocol (netbios), a common workgroup, and common user names and passwords.
You should be able to ping each peer by the IP address and by the NetBIOS name.
You'll need common usernames and passwords on each peer otherwise you'll have permission problems accessing shared resources. This is only for WindowsXP Pro, Windows 2000, Windows server 2003.
So say you had user1 on PC A, and wanted to access a file on PC B, but there was no user1 on PC B, you'd get a error related to permissions or network resource not accessible. Since there is no central user database to authenticate against (like in an Active Directory Win2k/2k3 Domain).
Code: Select all
/ip firewall filter
add chain=forward protocol=udp dst-port=135-139 action=accept comment="NetBIOS" disabled=no
add chain=forward protocol=tcp dst-port=135-139 action=accept comment="NetBIOS" disabled=no How To Share Files and Folders over a Network for Workgroups in Windows Server 2003:
http://support.microsoft.com/default.as ... -us;323420
You will also have problems browsing a peer to peer windows network if all of the computers in a peer-to-peer workgroup do not have a common networking protocol (netbios), a common workgroup, and common user names and passwords.
You should be able to ping each peer by the IP address and by the NetBIOS name.
You'll need common usernames and passwords on each peer otherwise you'll have permission problems accessing shared resources. This is only for WindowsXP Pro, Windows 2000, Windows server 2003.
So say you had user1 on PC A, and wanted to access a file on PC B, but there was no user1 on PC B, you'd get a error related to permissions or network resource not accessible. Since there is no central user database to authenticate against (like in an Active Directory Win2k/2k3 Domain).
-
-
wildbill442
Forum Guru
- Posts: 1055
- Joined:
- Location: Sacramento, CA
I think we're goiing to have to call Gates personally on this one . 
Block user to share files in one networK
/ip firewall filter
add chain=forward protocol=udp dst-port=135-139 action=drop comment="NetBIOS" disabled=no
add chain=forward protocol=tcp dst-port=135-139 action=drop comment="NetBIOS" disabled=no
if i make a new rules like this, what will be effect. If any changes i can't
Block user to share files in one networK? I want to set for clients can't access
file sharing in one network or disable. So they can't a see the other client from network.
Please give me the rules from firewall filter.
thanks before
add chain=forward protocol=udp dst-port=135-139 action=drop comment="NetBIOS" disabled=no
add chain=forward protocol=tcp dst-port=135-139 action=drop comment="NetBIOS" disabled=no
if i make a new rules like this, what will be effect. If any changes i can't
Block user to share files in one networK? I want to set for clients can't access
file sharing in one network or disable. So they can't a see the other client from network.
Please give me the rules from firewall filter.
thanks before