HPE Community
Operating System - HP-UX
1833467 Members
3522 Online
110052 Solutions
New Discussion

Re: CIFS over firewall

 
SOLVED
Go to solution
David Connolly
Regular Advisor

‎09-21-2006 10:42 PM

‎09-21-2006 10:42 PM

CIFS over firewall

Hello, can someone point me towards relevant documentation on running a CIFS mount over a firewall? Specifically, I'm looking for guidance on port numbers, windows/netbios authentication methods and any other "gotchas" in using this protocol in a secured network.

Thanks in advance.
0 Kudos
Reply
4 REPLIES 4
Luk Vandenbussche
Honored Contributor

‎09-22-2006 01:39 AM

‎09-22-2006 01:39 AM

Solution

Re: CIFS over firewall

David,

These are the ports used by cifs

UDP/137 - used by nmbd
UDP/138 - used by nmbd
TCP/139 - used by smbd
TCP/445 - used by smbd
Reply
David Connolly
Regular Advisor

‎09-22-2006 01:55 AM

‎09-22-2006 01:55 AM

Re: CIFS over firewall

Thanks Luk. In my proposed solution, the remote share will reside on Windows server that is a member of a domain. Will I need to access the PDC in order to authenticate, or does that server "relay" the authentication to the PDC?

Basically, do I need to open those ports between my target server and the PDC?
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎09-23-2006 02:02 PM

‎09-23-2006 02:02 PM

Re: CIFS over firewall

Netbios doesn't route very well but CIFS (just like NFS) is the worst possible security risk I can imagine for sharing your data. CIFS is simply not a secure protocol and is easily sniffed as well as compromised. If you have a secure network, adding CIFS capability will eliminate that quality. If you must share data over the Internet, use a VPN and CIFS will safe and very easy easy to share.


Bill Hassell, sysadmin
0 Kudos
Reply
David Connolly
Regular Advisor

‎09-25-2006 04:39 PM

‎09-25-2006 04:39 PM

Re: CIFS over firewall

Thanks Bill. I am well aware of the security risks involved. The DMZ is not touching the internet, rather it is a staging ground between another DMZ and the private LAN. Checkpoint have specific protocol-aware products for managing CIFS over the firewall which go some way towards managing the risk.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.