topic Re: CIFS over firewall in Operating System - HP-UX

CIFS over firewall

David Connolly — Fri, 22 Sep 2006 05:42:24 GMT

Hello, can someone point me towards relevant documentation on running a CIFS mount over a firewall? Specifically, I'm looking for guidance on port numbers, windows/netbios authentication methods and any other "gotchas" in using this protocol in a secured network.

Thanks in advance.

Re: CIFS over firewall

Luk Vandenbussche — Fri, 22 Sep 2006 08:39:48 GMT

David,

These are the ports used by cifs

UDP/137 - used by nmbd
UDP/138 - used by nmbd
TCP/139 - used by smbd
TCP/445 - used by smbd

Re: CIFS over firewall

David Connolly — Fri, 22 Sep 2006 08:55:33 GMT

Thanks Luk. In my proposed solution, the remote share will reside on Windows server that is a member of a domain. Will I need to access the PDC in order to authenticate, or does that server "relay" the authentication to the PDC?

Basically, do I need to open those ports between my target server and the PDC?

Re: CIFS over firewall

Bill Hassell — Sat, 23 Sep 2006 21:02:25 GMT

Netbios doesn't route very well but CIFS (just like NFS) is the worst possible security risk I can imagine for sharing your data. CIFS is simply not a secure protocol and is easily sniffed as well as compromised. If you have a secure network, adding CIFS capability will eliminate that quality. If you must share data over the Internet, use a VPN and CIFS will safe and very easy easy to share.

Re: CIFS over firewall

David Connolly — Mon, 25 Sep 2006 23:39:35 GMT

Thanks Bill. I am well aware of the security risks involved. The DMZ is not touching the internet, rather it is a staging ground between another DMZ and the private LAN. Checkpoint have specific protocol-aware products for managing CIFS over the firewall which go some way towards managing the risk.