blocked port

Christopher R. Hertel crh at nts.umn.edu
Wed Jun 7 16:08:53 GMT 2000 

In the US, @Home provides service via cable TV connections.  Cable, by 
its very nature, is a broadcast medium.

Many cable customers had Windows boxes.  As you know, Windows boxes do not
need a system administrator.  They run perfectly out-of-the-box.  Urq? 
Seems, though, that lots of vendors ship Windows boxes with file sharing
turned on.  Also, lots of folks like to share files with other systems in
their homes.  Thus, W/95 and W/98 systems in homes are likely to have
unprotected shares available. 

See the problem?  Cable modems are a broadcast medium, and there are 
unprotected shares under NetBIOS (which announces services via broadcast).

This brought a whole new meaning to the term "Network Neighborhood". 
People were storing files on their neighbor's machines, taking a look at
bank records, etc.

As a result, cable providers commonly block the NBT service ports: 137, 
138, and 139.

This is a *good thing*.  You really don't want to be sharing services with
other folks in your cable neighborhood.  Really. 

However, it does cause a few problems if you are trying to share files 
with a remote machine.  My recommendation is this:

1) The remote machine should not be made available over the Internet 
   anyway.  I see scans for these ports almost every day on my cable
   modem connection.  I have an at-home firewall just in case.  Your
   remote server should also be protected by a firewall.

2) Use PPTP to build a VPN connection between your home network and the
   remote server.  The VPN tunnel will allow you to open these ports
   without trouble.  It also requires that you authenticate before 
   bringing up the link, thus preventing evil nasties from getting to 
   your remote server (which is behind a firewall).

PPTP is not the best protocol for this kind of thing, but it is probably 
the easiest to set up in your situation.

Hope that helps.

Chris -)-----

[Charset iso-8859-1 unsupported, filtering to ASCII...]
> I think I have discovered why many of the tests fail between my server and
> my pc.
> 
> It appears that port 139 is blocked between my server and my PC. I am using
> the @home network and VPN. Has anyone heard of this happening before, and if
> so, how do you 'fix' it.
> 
> I changed my services file on my pc, but a netstat -na shows that 139 is
> still listening. I have searched the registry and all my ini files, but
> there is no port 139.
> 
> Ron
> 


-- 
Christopher R. Hertel -)-----                   University of Minnesota
crh at nts.umn.edu              Networking and Telecommunications Services

    Ideals are like stars; you will not succeed in touching them
    with your hands...you choose them as your guides, and following
    them you will reach your destiny.  --Carl Schultz

More information about the samba-technical mailing list