Vista Firewall - mapping drives across a VPN

[robatwork]

Hi,
I have a Vista PC that connects to a work domain across a (hardware) VPN. It isn't joined to that domain - just on a workgroup.

I have shared a folder on the Vista PC. I can ping VISTAPC from a PC on the work network. When I turn OFF the local firewall on the Vista PC then i can access the shared folder by typing \\VISTAPC in the run box on the work PC. When i turn the firewall back on, I can't access that folder any more.

What ports can I open (or more accurately rules can i configure) to allow acccess while keeping the firewall on?

mnay thanks
Rob

 

[smah]

Allow 135, 139 & 445 from the remote subnet or range

 

[robatwork]

That's briliant - thanks.

I did a bit of experimenting, and if I disable the rule for 139 and 135, it still works, but the 445 one is crucial. Any idea why this would be?

best regards
Rob

 

[smah]

445 is the only one really needed for windows cifs/smb protocol file sharing. 139 is for Netbios name resolultion (which is usually not needed if DNS name resolution is working correctly or if you're only connecting by IP address). 135 is the Remote Procedure Call port which is not strictly needed to share files , but has numerous network effects including 'browsing' the network. These ports are all targets for internet attacks, so make sure that your firewall is configured to restrict them to only the local and remote (vpn) subnets. Scan at ShieldsUP! to be sure.

 

[robatwork]

cheers - nice succinct explanation