  • Answer - Helpful Votes (1)
    JSB2008 - Posted on Sat 15 Nov 2008 05:35:18 PM PST
    Okay...thanks to theultramage's insight and a bit of experimentation, I may have stumbled upon a workaround: Try this (but create a system restore point, do a backup, and cross your fingers first!):

    1) Go to "Device Manager" select View and enable "show hidden devices."
    2) Expand "Non-Plug and Play Drivers" and set "Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)" to start on demand.
    3) Reboot
    4) Bind port 445 with your application.  I used Putty and bound my local loopback addresses on ports 139 and 445 to the tunneled IP addresses' ports 139 and 445 on the remote network.
    5) Start the "Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)" driver.
    6) Browse the remote shares like you used to do before KB942624.
    7) Celebrate! We just found a way around the Port forwarding 445 for SMB and SSH problem!


    I tried this on two different Vista machines: One with the KB942624 patch applied and the other with SP1 integrated in.  It worked on both.  No blue screens or any other quirks that I could see.

    Only problem is that you must bind the port before starting SMB.sys each time you start Windows.  You can't stop the device once it's started (or at least I couldn't).

    Again, I didn't come up with this approach on my own.  Theultramage's post pointed me in the right direction.


  • seaders - Posted on Wed 19 Nov 2008 02:41:03 AM PST
    JSB, you're an absolute and utter legend, totally.  just tried it there and it worked first time, perfectly.  I had all but given up hope.  seeing now how it's being blocked gives more credence to what mapmike was saying, literally MS wanted to f' about with people who used this system, no matter who it harmed.  well, we'll certainly see their intentions if this workaround is blocked with an update.  shocking state of affairs, but great to have a solution.  thanks again, fella :D
  • vmooney - Posted on Mon 24 Nov 2008 01:29:14 PM PST

    My Windows XP SP3 is showing the same symptoms as Vista, however there is missing the service that is in the Vista Workaround. Is there anyone that has gotten it to work? I'm willing to disable filesharing but even then my port 445 is still in use unless I disable the netbios driver which keeps me from accessing anything on the network.

     

    Any clues?

    Thanks,

    Vincent

     

  • seaders - Posted on Mon 24 Nov 2008 04:57:42 PM PST
    jaysus, they've done it to XP now too?  that is just disgraceful, what a pathetic excuse for a company.  others spend their time trying to get alternative OS's to work nicely with Windows and then someone at a high enough level decides that's too much of a threat and do everything to f**k it up.  brilliant, top work there MS.

    pathetic.

    sorry I can't help ya Vincent, the only solution I've found is this one from JSB, but as you said, if that service isn't there in XP, there's no way I know of to fix it.
  • gerybubus - Posted on Thu 27 Nov 2008 02:08:26 AM PST
    Hello!

    Unfortunately I have the same problem:
    My client is Windows XP, with an SSH connection and tunnel. The server is Win 2k3; that is where the shared folder I want to connect to is.
    I've tunneled ports 139 and 445, and in the putty log I see the following:
    "Event Log: Local port 10.0.0.1:445 forwarding to gery.no-ip.org:445 failed: Network error: Permission denied"
    The 139 port is OK.
    I found your comment and I tried to do this procedure. But unfortunately I didn't find "Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)" under Non-Plug and Play Drivers. :-(( How can I find it? Or how can I add it under Non-Plug and Play Drivers?

    Thanks for your help beforehand!

  • theultramage_ - Posted on Thu 27 Nov 2008 07:39:24 AM PST

    See again my original topic for an explanation why the same steps won't work with the current windows XP.

    Short summary: on XP if the "bind to all interfaces, port 445" action fails, the netbt.sys driver crashes and takes the whole OS down with it. Most likely just a missing return value check. Seems they fixed it in Vista though.

    Why couldn't they just let the user specify which interfaces he wants to use and which to leave alone...
  • JSB2008 - Posted on Fri 28 Nov 2008 08:44:49 AM PST
    I'm in the process of setting up a test machine with Windows XP Pro patched to SP3 so I can examine the problem in detail.  I have a few things I'd like to try which may provide a workaround similar to the one for Vista.

    With the holidays, I'm running a bit behind.  Standby!

    Update: Okay, I poked around with Windows XP SP3.  Surprisingly, an old fix from the days of Windows NT did the trick:

    1) Create a system restore point, do a backup, cross your fingers, yada yada yada.
    2) Run Registry Editor (Start, Run, regedit, click okay).
    3) Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
    4) Right click in the rightmost pane, select NEW,  DWORD value.
    5) Name it SmbDeviceEnabled (Case sensitive: The S,D, and E are capitalized.  Everything else is lower case.  No spaces in between!)
    6) It should default to a value of 0x00000000 (0).  If for some reason it doesn't, set it to 0.
    7) Reboot.
    8) Bind port 445 with your tunneling application (again, I use putty.)
    9) Browse your remote shares like you used to do before Windows XP SP3.
    10) Celebrate: We just found a way around the Port forwarding 445 for SMB and SSH problem!
  • theultramage_ - Posted on Sat 29 Nov 2008 02:03:48 AM PST
    Your procedure didn't work on XP SP2 nor SP3 when I just tried it. Looks like the OS is completely ignoring the setting. Did you miss something?
  • JSB2008 - Posted on Sat 29 Nov 2008 05:48:44 AM PST
    I don't think so: In fact, I tried toggling SmbDeviceEnabled to 1, rebooted, and found port 445 bound by the OS again.  Toggling it back to 0 and rebooting promptly unbinds the port again.  I tried it on two separate XP Pro SP3 systems with identical results.

    There must be some subtle difference in our systems.  Here's the essence of my test systems:

    1) Windows XP Pro SP2 upgraded to SP3 using WindowsXP-KB936929-SP3-x86-ENU.exe
    2) A loopback adapter configured as follows:


    IP addresses 10.0.0.1 and 10.0.0.2, subnet masks 255.255.255.0, no gateway, no dns.  Client for Microsoft Networks and Internet Protocol (TCP/IP) enabled, File and Printing Sharing for Microsoft Networks disabled. Netbios over TCP/IP disabled.

    3) Putty connecting to an SSH system with following tunnels:

    10.0.0.1:139 to 192.168.99.1:139
    10.0.0.1:445 to 192.168.99.1:445
    10.0.0.2:139 to 192.168.99.6:139
    10.0.0.2:445 to 192.168.99.6:445

    4) SmbDeviceEnabled added to registry and set to 0 as described in previous post.

    Incidentally, plain Windows XP Pro SP2 should work without any special modifications.  SP3 introduced the 445 binding issue.  If port 445 is locked and bound by the OS on an unpatched XP2 system then something else is going on.
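
Added example (not part of the thread, and not any poster's code): a way to confirm, after toggling SmbDeviceEnabled or changing the SMB driver's start mode, whether the tunnel endpoints listed in the post above are still held by a listener. It parses `netstat -ano` text; the sample output and PIDs are constructed, and a wildcard listener is treated as a potential conflict, which is the port 445 case the thread describes.

```python
import re

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.0.0.2:139           0.0.0.0:0              LISTENING       2380
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49211     192.168.1.1:22         ESTABLISHED     2380
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

# Local tunnel endpoints taken from the post above.
WANTED = [("10.0.0.1", 139), ("10.0.0.1", 445),
          ("10.0.0.2", 139), ("10.0.0.2", 445)]

# Local address, local port and owning PID of a TCP row in LISTENING state.
LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def listeners(netstat_text):
    """Return [(local_addr, port, pid)] for every listening TCP socket."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if m:
            found.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return found

def conflicts(netstat_text, wanted=WANTED):
    """Map each wanted (addr, port) to the listeners that may block binding it.

    A listener counts if it is on the same port and bound either to the exact
    address or to the IPv4 wildcard 0.0.0.0 (assumption: wildcard = conflict).
    """
    active = listeners(netstat_text)
    return {
        (addr, port): [(laddr, pid) for laddr, lport, pid in active
                       if lport == port and laddr in (addr, "0.0.0.0")]
        for addr, port in wanted
    }

if __name__ == "__main__":
    for (addr, port), blockers in conflicts(SAMPLE_NETSTAT).items():
        state = "free" if not blockers else "held by " + ", ".join(
            f"{a} (PID {p})" for a, p in blockers)
        print(f"{addr}:{port:<5} {state}")
```

On a real machine, feed the function the output of `netstat -ano` captured before starting the tunnels.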
  • workingedge - Posted on Sun 07 Dec 2008 02:48:24 AM PST
    JSB2008's vista recipe works nicely.  You can also start the "Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)" from the command line (make sure you run cmd prompt as administrator) using:

    net start smb

    (e.g. if you want to create a batch file to open your ssh tunnels [4] and then start this service [5]).

    Once you have SMB started with your loopback interface "masked" from it you seem to be able to unbind and bind to port 445 on your loopback interface without any problems.  So for example if your SSH tunnels break due to a network glitch you should be able to remake them without having to go through the whole process of rebooting and starting the SMB service.

    That makes me suspect that temporarily binding any application to ports 139+445 (possibly just 445) on the loopback  interface you don't want the SMB service to hog before starting the SMB service may suffice. 

  • workingedge - Posted on Tue 09 Dec 2008 04:01:25 PM PST
    Vista users - once you have set your SMB service to manual startup, you can run it from a wrapper script that masks port 445 first.  For example if you have perl installed you can create a perl script to mask the port and start it:

    use Socket;

    my $protocol = getprotobyname('tcp');
    my $addr = inet_aton('10.0.0.1'); #loopback address
    my $port = 445;
    my $dest = sockaddr_in($port,$addr);

    #Mask port 445 on loopback interface
    socket(SOCK, AF_INET, SOCK_STREAM, $protocol) or die("Can't create socket - $!");
    bind(SOCK, $dest) or die("Can't bind socket - $!");
    listen(SOCK, SOMAXCONN) or die("Can't listen - $!");

    #Start evil hoggy service
    system("net start smb");

    #Shield the port for 5 sec to give it time to start
    sleep(5);

    #Release port
    close SOCK;

    Run this as administrator after your machine starts up and then you can start your SSH tunnels whenever you need to.
  • bitwiselannon - Posted on Wed 10 Dec 2008 04:57:06 AM PST

    Hello,

    i've been trying to get this to work for a couple of weeks now, and this thread is the first i've seen in that time that gives me hope!

    I still haven't been able to get this to work though (VISTA SP1.)

    I will eventually be trying to map folders on a NAS drive, but for now i'm trying to just map my folders on my web server (paid web hosting).

    I have SSH access through port 6024, and followed the instructions, disabling the SMB service at startup, using putty to connect to my web host (on port 6024) forwarding ports 139 and 445 from my loopback adapter (IP: 10.0.0.1), which i can see the port forwarding working from the putty event log, then enable the SMB service again.

    However, when i type:

    net use * \\10.0.0.1\home\smagru

    into the cmd line, i get 'error 64: the specified network name is no longer available'. Any ideas what that's about?

    I did add the following to my lmhosts file:

    10.0.0.1 MYFTP #PRE

    an nbtstat -c shows the netbios name cache table for my loopback adapter, although interestingly that adapter has a node ip address of 0.0.0.0. I am waiting to hear back from my web hosts with more information on the samba or smb service running on the remote server.

    Is this a naming problem now? Or do i need to forward some more ports, 138 and 137 perhaps? as they appear to be for the netbios naming service?

    Cheers.
  • nobody_nobody - Posted on Tue 30 Dec 2008 09:14:21 PM PST

    I really appreciate your posting. It works!!!

  • plin25 - Posted on Fri 02 Jan 2009 03:02:19 AM PST
    While this solution is bloody freaking awesome, can we have Microsoft fix this?

    It's bullshit that we have to hack the OS to do something that can easily be fixed by a simple patch!

    And why does 'net stop smb' not work?
Thread Summary
  • Thread Starter: seaders
  • Started: on Tue 21 Oct 2008 03:23:15 PM PDT
  • Last Reply: on Fri 02 Jan 2009 03:02:19 AM PST
  • Status: Answered
  • Helpful Votes: 1
  • Total Replies: 33
  • Total Views: 2375