Thanks Chris, turns out I don't need to open anything but your suggestion of 137-139. nmap shows:

[EMAIL PROTECTED]:~$ nmap 10.2.1.250
Starting Nmap 4.53 ( http://insecure.org ) at 2008-06-12 14:41 NZST
Interesting ports on 10.2.1.250:
Not shown: 1706 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
23/tcp   open  telnet
80/tcp   open  http
139/tcp  open  netbios-ssn
514/tcp  open  shell
515/tcp  open  printer
631/tcp  open  ipp
9100/tcp open  jetdirect

though none of 515, 631 or 9100 are needed. I'm successful in so far as I can browse to 10.2.1.250 and see the printer named there, install drivers and have a printer to which I can print. I.e., I have a \\10.2.1.250\aficio3025 print device via the blue network, but am unable to resolve the IP address to a name and have \\ricoh\aficio3025 as is the case on green. While it's perhaps only marginally a Linux question, could I do something with the IPCop box to allow name resolution to take place between these subnets?

Thanks to everyone for getting me this far. If it goes no further, I'd consider this solved enough.

Cheers,
Roger


Christopher Sawtell wrote:
You need these open.

netbios-ns      137/tcp                         # NETBIOS Name Service
netbios-ns      137/udp
netbios-dgm     138/tcp                         # NETBIOS Datagram Service
netbios-dgm     138/udp
netbios-ssn     139/tcp                         # NETBIOS session service
netbios-ssn     139/udp


On 6/12/08, Roger Searle <[EMAIL PROTECTED]> wrote:
Nick Rout wrote:
On Thu, Jun 12, 2008 at 9:42 AM, Roger Searle <[EMAIL PROTECTED]> wrote:

Steve Holdoway wrote:

On Wed, 11 Jun 2008 16:25:25 +1200
Roger Searle <[EMAIL PROTECTED]> wrote:


I want the wireless clients to be able to access the file share on the
green network and believe I need to set up a DMZ pinhole - is that
correct? If so, what port(s) (or range) should I open?

Yes, you are correct. You need to open 2 udp ports - 137 and 138 for
NetBIOS Name and Datagram services, and tcp ports 139 and 445 for
NetBIOS session and M$ Directory services. Just open it for the IP
address of the XP client and all should be sweet.
 hth,

Steve


Thanks, very helpful - it "just works", nice!  Now I'd like to be able to
print as well, more holes needed since none of the printers are
available. Simplest case is the office printer/copier with its own IP
address directly on the green network.  What ports/protocols do I need
open for that?
And then for a printer attached to a PC, presumably this requires opening
ports to the PC's address, but is the process essentially the same and
the ports the same?

Cheers,
Roger

What protocol are you using for the printer?


The port configuration taken from a Windows machine that connects to
this printer says "raw" protocol on port 9100.  Having earlier guessed
that it might be IPP, I currently have pinholes for the following: both
TCP and UDP, for each of the ports 9100, 631 and 80, each from blue
network to green network.  I still get "printer not found on server,
unable to connect" from the XP client.  So my guesses aren't quite right
- I'm not sure what to look for or at from this point?


