atcomsystems.ca/forum Forums VOIP Phones & IP PBX Networking Access shared drive on web server

one of our customer has 2 office locations.Now there is a web server using IIS 7.0 at one location which they use to create reports. The server is confiured with a 1-to-1 NAT on a static ip & can be accessed from anywhere remotely & locally with no problems. The problem is accessing a shared drive on the same machine thats running the webserver. Local office can access shared drive & web server using local network ip address like 10.0.10.24, but remote office can only access web server using static ip & cannot access the shared drive. They do not want to use VPN & since it used to work without VPN before they changed their ISP at one remote location. I tried different settings, but no luck. Is there any ports that i need to open on the main gateway router of local office. Also both location now has comcast as their ISP.

They mustve been sharing using IIS or some sort of web server. Can you provide a little more detail as to how they did this in the past? How did they connect to the shared folder?

Windows sharing uses NetBIOS. You must open the NetBIOS ports, 445, 135, 138, and 139. However if sharing was working before you changed ISPs, these ports are probably already open on your firewall. It is the ISP who is blocking them. They do this so users don't accidentally share their files over the Internet.

the remote office had T1 service before & now switched to comcast, so has new comcast business gateway router & local office had comcast & added some phone lines through them & so comcast installed a new gateway router at local ofiice too. Both offices have same model SMC routers provided by comcast. They have a vpn tunnel between the 2 offices dedicated only for phones since their PBX is Panasonic IP system. They had this even before they made changes in ISP.but the VPN tunnel is set using Linksys VPN routers running on static IP on both locations. At local office only PBX is connected to VPN router, all computers are connected to comcast router. At remote office only IP phones are hooked upto VPN router & all computers are connected to comcast router. This setup has not changed, only change made was removing the T1 router & replacing it with comcast gateway router at remote office & just changing comcast router with a different model at local office.

Butch Cassidy, server was & is still at local office & their ISP has't been changed. Its remote office where isp change is made.

It sounds like there was some programming missed in the router swap at the local office. What changed is really guesswork without more information. Can you find out from one of the users what they did to connect to the shared folder? Then I'll know exactly whats missing.

Tito1411, they just used to map the drive in MY Computer using static IP of the server.like \\76.25.148.235\shared folder

WOW! I had to ask again because any competent IT person would never setup file sharing over the internet using NetBIOS. Most ISPs block NetBIOS ports so I would first check to make sure Comcast didnt change anything. Second you need to make sure that ports 137-139 and 445 are forwarded to the correct computer inside the network. However this is a HUGE mistake. Setting this up like this opens up the company's files for anyone on the internet to access. Why this was setup in the first place is beyond me and in my opinion is downright reckless and irresponsible. If they want to share files across locations they need to use a VPN plain and simple or get some kind of dedicated connection between locations. I cant stress enough how setting it up the way it was would be a huge mistake. :nono:

You best and safest option is to intstall/activated FTP server on the machine and forward your required ports.

mbtel,

Pay very close attention to what tito1411 said - Having NetBIOS ports open on the internet is an absolutely horrid idea. Not only are you making any shares that are not passworded completely visible, but it opens up an attack vector.

Netbios allows you to re-try associating with no 'penalty delay' or lockout for incorrect password attempts. Incorrect logins MAY be logged - if logging is turned on, and if someone is actually checking those logs. This means an attacker can run a simple brute force against your system all day, every day, and nobody is going to notice.

They might not like the idea of having a VPN, but it is their safest option. Otherwise, as rustynails said, FTP is always a (less secure but ) viable option.

Have a day!
Tod.

ps.
Comcast does block those ports, and now you know the reason(s). It's a Good Thing (TM).