2

I have a fileserver hosted on AWS. I was using SMB port 445 to access the fileserver. I found out that some ISPs have blocked port 445, so I set up my fileserver instance behind an AWS Network Load Balancer, created a custom listener port on the NLB, and forward requests on this port to the fileserver instance on 445. But Windows share uses port 445 by default, so is there a way to make a request to the NLB on a custom port, and indirectly to my fileserver, since I have a forward rule on the NLB? Is this possible?

Note: I know that there is no syntax for alternate ports on Windows share. I am looking for a workaround.

SynAck
  • 1
    You could do port forwarding with a firewall, e.g. forward public port 4455 to 445 internally – aardbol Apr 08 '20 at 07:00
  • I can give the public IP of my NLB to Windows share. It will access the NLB on 445 (this is by default and can't be changed), but you are saying that I can do port forwarding on my firewall. So now the firewall will change the request to NLB:4455. I have a listener on the NLB at 4455 and this will forward the request to the fileserver on 445, right? – SynAck Apr 08 '20 at 07:08
  • 1
    I don't know what your topology looks like but if your firewall is in front of your NLB, you can set up the port forwarding there so that your firewall will redirect the requests from 4455 public to port 445 on your NLB and that NLB will forward the traffic again to port 445 of the hosts. – aardbol Apr 08 '20 at 07:36
  • 1
    Does this answer your question? [what's the syntax for Accessing smb/windows shares via alternative ports?](https://serverfault.com/questions/39180/whats-the-syntax-for-accessing-smb-windows-shares-via-alternative-ports) – Massimo Apr 08 '20 at 10:39
  • @Massimo it doesn't. I am looking for a workaround. – SynAck Apr 08 '20 at 10:48
  • 1
    @Ali I know, but there is also no support *on the client side*; even if you place a load balancer performing a port forwarding in front of the file server, there is no way to tell *the client* to connect to a different port. – Massimo Apr 08 '20 at 11:37

2 Answers

4

SMB is generally not a protocol used over the internet. You should set up a VPN between your client (laptop?) and AWS and tunnel SMB through the VPN. Then you won’t have to worry about ISPs blocking port 445, won’t need the AWS fileserver open to the world and also will have an extra layer of security. There are many options for VPNs, both open source and commercial.

Hope that helps :)

MLu
1

Make a portproxy on Windows with a virtual adapter (loopback) to redirect port

View step-by-step (in pt-BR but with images by step)

https://apolonioserafim.blogspot.com/2021/05/acessar-servidor-samba-em-porta.html

Transposed:

ACCESS SAMBA SERVER IN CUSTOM PORT / REDIRECT PORT - IPV4 PROXY PORT WITH NETSH

If you need to access SMB 445 with a custom port

Run the wizard to add Hardware (Windows + R) hdwwiz.exe

Select "Install the hardware manually from a list (advanced)" then click Next to continue

In the list select "Network adapters" then click Next to continue

In the list on the left side select Microsoft

In the list on the right hand side select Microsoft Loopback Adapter then click Next to continue

At the end click Next and the interface will be installed

To rename, go in settings and select Internet Protocol Version 4 (TCP/IPv4) Then click Properties

Set any IP, just not the same IP range as your current network to avoid any IP conflict (in this example, used 10.10.10.1)

Open PowerShell or CMD as administrator and enter the command below

```
netsh interface portproxy add v4tov4 listenaddress=10.10.10.1 listenport=445 connectaddress=smb.example.com connectport=44518
```

Where:

listenaddress - is the address defined in the previous steps, in this example 10.10.10.1

listenport - the original samba port (445, 137, 138, 139) usually just 445 will solve

connectaddress - the remote address that will be made the proxy, can be a DNS name or an IPv4 address n.n.n.n

connectport - the customized service port, in the example, 44518

Reboot computer

This should now allow local connections to 10.10.10.1 port 445 to be directed to smb.example.com port 44518

Tim M.
  • 2
    Link-only answers rot over time, several of mine have. Please add some content to this answer so it can stand alone in case the link-target goes away. We have 12 year old ServerFault questions on here, so you need to plan for that sort of longevity. – sysadmin1138 May 31 '21 at 22:12
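
A way to check the result of the portproxy steps above after the reboot, as an added example that is not part of the original answer. It reuses the answer's example values (10.10.10.1, smb.example.com, 44518); the function name `Test-SmbPortProxy` is hypothetical.

```powershell
# Added verification sketch (not from the answer). Run in an elevated PowerShell.
function Test-SmbPortProxy {
    param(
        [string]$ListenAddress  = '10.10.10.1',       # loopback adapter IP from the answer
        [int]   $ListenPort     = 445,
        [string]$ConnectAddress = 'smb.example.com',  # example remote name from the answer
        [int]   $ConnectPort    = 44518
    )

    # 1. The loopback adapter must actually hold the listen address.
    $ip = Get-NetIPAddress -IPAddress $ListenAddress -ErrorAction SilentlyContinue

    # 2. The rule must appear in the portproxy table (one row per rule).
    $pattern = '^\s*{0}\s+{1}\s+\S+\s+{2}\s*$' -f [regex]::Escape($ListenAddress), $ListenPort, $ConnectPort
    $rule = netsh interface portproxy show v4tov4 | Select-String -Pattern $pattern

    # 3. Who is listening on the port? The portproxy listener is held by the
    #    IP Helper service (iphlpsvc, hosted in svchost). A listener owned by
    #    PID 4 (System) on 0.0.0.0 or the listen address is the local SMB
    #    server holding port 445 instead of the proxy.
    $listeners = Get-NetTCPConnection -LocalPort $ListenPort -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalAddress -in @($ListenAddress, '0.0.0.0') } |
        ForEach-Object {
            $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            '{0}:{1} pid={2} ({3})' -f $_.LocalAddress, $_.LocalPort, $_.OwningProcess, $p.ProcessName
        }

    # 4. The remote custom port must be reachable from this client.
    $remote = Test-NetConnection -ComputerName $ConnectAddress -Port $ConnectPort -WarningAction SilentlyContinue

    [pscustomobject]@{
        AddressAssigned = [bool]$ip
        RulePresent     = [bool]$rule
        Listeners       = $listeners
        RemoteReachable = $remote.TcpTestSucceeded
    }
}

Test-SmbPortProxy | Format-List
```

If `Listeners` shows only a `System` entry, or `RemoteReachable` is false, a connection to `\\10.10.10.1` will not reach the remote server even though the rule is listed.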