Port forwarding 445 for SMB and SSH problem

    Question

  • Hi, I'm trying to map onto a remote drive, but I'm having huge problems when mapping port 445 to the remote machine, with putty I get "Local port 10.0.0.1:445 forwarding to 127.0.0.1:139 failed: Network error: Permission denied", even though I've disabled NetBIOS.  I've read of various fixes that are supposed to work, but nothing has for me yet, not calling the support desk and using the KB 933468, nor a few other fixes that I've read.  Is there any other option?  My Vista version comes with SP1 preinstalled, so I've no option to disable this ... patch ... that hampers me incredibly.

    Is there another way around this, I do think it's a real irritation and another example of taking the control of people who know how to use the OS away.
    Tuesday, October 21, 2008 10:23 PM

Answers

  • Okay...thanks to theultramage's insight and a bit of experimentation, I may have stumbled upon a workaround: Try this (but create a system restore point, do a backup, and cross your fingers first!):

    1) Go to "Device Manager" select View and enable "show hidden devices."
    2) Expand "Non-Plug and Play Drivers" and set "Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)" to start on demand.
    3) Reboot
    4) Bind port 445 with your application.  I used Putty and bound my local loopback addresses on ports 139 and 445 to the tunneled IP addresses' ports 139 and 445 on the remote network.
    5) Start the "Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)" driver.
    6) Browse the remote shares like you used to do before KB942624.
    7) Celebrate! We just found a way around the Port forwarding 445 for SMB and SSH problem!


    I tried this on two different Vista machines: One with the KB942624 patch applied and the other with SP1 integrated in.  It worked on both.  No blue screens or any other quirks that I could see.

    Only problem is that you must bind the port before starting SMB.sys each time you start Windows.  You can't stop the device once it's started (or at least I couldn't).

    Again, I didn't come up with this approach on my own.  Theultramage's post pointed me in the right direction.


    Sunday, November 16, 2008 1:35 AM

All replies

  • Hi,

    I am afraid we need more information to clarify current status.

    1. Are you trying to map a drive? Or set Port forwarding?
    2. How did you configure it?

    Thanks.

    Thursday, October 23, 2008 8:26 AM
    Moderator
  • I am trying to map a remote drive that sits on a Debian server online, something which I've done and working on numerous XP installs.

    The way I'm doing this is the most common solution found online,
    Install a MS Loopback Adapter (done) and give it a private network address that you won't come across in your normal usage (10.0.0.1, done), turn off File and Printer Sharing in Network Config and NetBIOS in IPv4 WINS (done).
    Start a SSH session to the machine where you tunnel and port forward port 139 (done) and port 445 (problem).

    When I try to port-forward 445, I get the error "Permission Denied" and no matter what I've tried, I can't get around it.  This is a huge problem for me as I manage quite a few different machines in this manner, it's never been a problem for me on any other OS before.
    • Proposed as answer by Ianmac45 Tuesday, September 20, 2011 4:19 PM
    Thursday, October 23, 2008 10:56 AM
  • Hi,

    Thank you for posting.

    I did some research on it, I suggest you disable UAC and disable IP v6 to test this issue again.

    In addition, it is recommended to contact SSH provider to check whether there is a specific setting for Windows Vista.

    Thanks.

    Friday, October 24, 2008 7:58 AM
    Moderator
  •  Robinson Zhang - MSFT wrote:

    Hi,

    Thank you for posting.

    I did some research on it, I suggest you disable UAC and disable IP v6 to test this issue again.

    In addition, it is recommended to contact SSH provider to check whether there is a specific setting for Windows Vista.

    Thanks.

    UAC has been disabled since day one when I got the machine, it's a horror that I would never use in its current state, in Windows 7, I might, maybe.  IPv6 has caused nothing but problems with Vista Networking, so that too got disabled as soon as I got the machine.

    As for the SSH provider, are you talking about PuTTy or the remote machine that I administer?  Because if you're talking about PuTTy (or SSH Shell, or direct SSH access with Cygwin, I've used them all), then no, I should not in any way need to check with them.  This is a standard connection that can be used on Windows 98, 2000, ME, XP, all flavours of Linux and Unix and with Solaris systems (with slightly different tweaking and a lot of the time easier than how you're forced to do in Windows), I know this because I've been using this setup for years and have, at one stage or another, needed to set it up on those OS's.

    This is not a problem with SSH, this is not a problem with the remote machine, it's a problem with Vista, plain and simple.  For too many Windows OS's I care to remember, they use port 139 and 445 for Samba shares, there's no way you can change that (if you could there wouldn't be a problem here), so the only way to be able to access your remote space via \\myremotename.dnsalias.com is to forward both those ports to the remote machine.  This has caused trouble before, but I've always been able to work around it, but this time, it seems that it's completely blocked off from me and any other users that use Vista.

    I always find these sort of things a terrible scenario, when you've experienced admins, who know exactly what they need to do, and how they need to do it, but Vista is restrictive for normal Joe Bloggs, that they disable what the experienced user wants.  Again, this is a huge thing for me, I was finally coming around to being a Vista promoter, until this happened and if I don't find a resolution, I may have to upgrade to XP for its extra features.
    Friday, October 24, 2008 11:24 AM
  • sorry to bump, but please, is there anyone else with some insight into this?  it really is a ridiculous situation, I always thought not being able to map Samba shares to a different port was a bit frustrating, but now to block the workaround?  unbelievable.  please help, I'm really stuck without this.
    Saturday, October 25, 2008 11:06 PM
  • again, sorry to bump, but please, is there anyone who can help with this?  is there any workaround that's really viable, this is the last resort that I can turn to for any sort of resolution.
    Tuesday, October 28, 2008 11:58 AM
  • c'mon this is getting ridiculous, 4 days without a reply?  seriously...

    just look, google search,
    http://www.google.ie/search?hl=en&q=port+forwarding+445+vista&btnG=Google+Search&meta=&aq=1&oq=
    24,300 results.

    links to where people are experiencing the exact same problem, with no current solution,
    http://erdelynet.com/archive/ssh-l/2007-12/3914.html
    http://osdir.com/ml/network.ssh.windows/2007-12/msg00011.html
    http://forums.techarena.in/windows-vista-network/1042227.htm
    http://help.wugnet.com/vista/Vista-SP1-breaks-SMB-port-forwarding-SSH-ftopict139211.html
    http://www.reviewingit.com/index.php/content/view/57/
    http://www.blisstonia.com/eolson/notes/smboverssh.php
    http://fixunix.com/ssh/263661-vista-patch-breaks-forwarding-port-445-a.html
    https://fogbugz.bitvise.com/default.asp?Tunnelier.2.8339.3
    http://blogs.msdn.com/wndp/archive/2007/03/19/winsock-so-exclusiveaddruse-on-vista.aspx
    http://www.eggheadcafe.com/software/aspnet/33143769/vista-sp1-breaks-smb-port.aspx

    please listen to your users and help us find a way to fix this.  if we could change the port for mapping a network drive from 445, that'd be the best option, but otherwise, can someone please try to help.
    Wednesday, October 29, 2008 2:24 PM
  • ... bump

    any admin willing to jump in here and offer some sort of assistance, or answer?  or will you all just keep completely quiet and leave every other operating system I've used offer this service, but Vista stay well short?  any chance... anyone?
    Friday, October 31, 2008 11:42 AM
  • and another bump

    I'll bump this every day that it irritates me that I can't use this feature, so please, any admin that wants to throw their hat in to help, that'd be hugely appreciated.
    Sunday, November 02, 2008 10:43 PM
  • I'm experiencing the exact same problem! I recently purchased a laptop with Vista SP1 pre-installed.  It replaced a laptop with XP SP2 that functioned perfectly using the loopback adapter SMB trick.  It just doesn't work with the Vista OS.

    I need a work around or fix for this deficiency in Vista soon.  I use SMB tunneling through SSH on a daily basis.


    Monday, November 03, 2008 1:09 AM
  •  JSB2008 wrote:
    I'm experiencing the exact same problem! I recently purchased a laptop with Vista SP1 pre-installed.  It replaced a laptop with XP SP2 that functioned perfectly using the loopback adapter SMB trick.  It just doesn't work with the Vista OS.

    I need a work around or fix for this deficiency in Vista soon.  I use SMB tunneling through SSH on a daily basis.


    well, JSB how about we join forces and persist with bumping this thread every time we're frustrated that we cannot use this feature?  I might even go around to a few more forums where people are still suffering from this farcical situation.  I'm sure if enough people stand up, we may actually be counted... stranger things have happened.
    Monday, November 03, 2008 2:02 AM
  • Seaders, if I bumped the thread every time I was frustrated about this, it would be every fifteen minutes! Seriously, most of my business is based upon support via remote access.  Having remote drives accessible via SSH is an essential part of that support!

    It's frustrating that I can no longer unbind and forward this simple little port! I purchased my new Vista Laptop with SP1 already integrated, so I cannot "undo" the changes introduced by KB942624.

    At this point, I have three choices: 1) Downgrade to Windows XP.  2) Hope and pray that, somehow, Vista SP2 includes a fix for this [I know, fat chance of that!] or 3) Hope that someone determines what files/structures KB942624 modifies and finds a way to "unmodify" them.

    By the looks of it, that someone isn't going to be Microsoft.
    Monday, November 03, 2008 9:13 PM
  • I completely understand ya, JSB, I'm half saved by the fact that Subversion has a svn+ssh access, and you can plug a lot of programs into that, otherwise I would be driven absolutely mental by this.  I think it's a crazy situation overall.  I thought the original problem, that you couldn't map a samba share to another port, other than 445 was crazy, but with the workaround that was forgotten, but to now get rid of that is just ridiculous.

    bump, bump, bump, bump, until someone listens and responds, get ready for more bump, bump, bumps.
    Monday, November 03, 2008 11:11 PM
  • bump... any chance of some help?
    Wednesday, November 05, 2008 9:58 AM
  • bump, bump, bump, bump
    Thursday, November 06, 2008 8:02 PM
  • Seriously, does anyone at Microsoft have any suggestions on how to repair this? Is it unrepairable due to some kind of security hole that the KB patch closed? Would revealing a solution compromise the patch in some way? Is anyone even looking to help resolve this for us?

    At least tell us one way or the other.
    Friday, November 07, 2008 4:58 PM
  • I believe it will be very hard to fix this, but not due to technical motivations but because of political ones.
    See or better yet, hear:
    http://www.twit.tv/floww14

    Yes, I've been also hit with this issue. MySQL, VNC, HTTP, all tunnel nicely except for samba with the virtual loopback adapter.
    sigh
    Friday, November 14, 2008 10:01 PM
  • cheers for that, mapmike, interesting stuff.  well that's slightly better, knowing that it's not just laziness / an oversight / an inability, it's sheer meanness for people who use this system, due to some people's egos being hurt... great, just f'ing great.
    Saturday, November 15, 2008 7:18 PM
  • Hi.

    I have the same problem with my Vista Business SP1. I use the SMB tunneling over SSH without problems with XP, but I can not do this in Vista because tunnels on ports 128 and 445 for the loopback interface are not established. I have been searching some documentation about how to resolve this problem, but I have not found anything.

    Regards,
    Paco.
    Saturday, November 15, 2008 7:30 PM
  • Okay...thanks to theultramage's insight and a bit of experimentation, I may have stumbled upon a workaround: Try this (but create a system restore point, do a backup, and cross your fingers first!):

    1) Go to "Device Manager" select View and enable "show hidden devices."
    2) Expand "Non-Plug and Play Drivers" and set "Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)" to start on demand.
    3) Reboot
    4) Bind port 445 with your application.  I used Putty and bound my local loopback addresses on ports 139 and 445 to the tunneled IP addresses' ports 139 and 445 on the remote network.
    5) Start the "Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)" driver.
    6) Browse the remote shares like you used to do before KB942624.
    7) Celebrate! We just found a way around the Port forwarding 445 for SMB and SSH problem!


    I tried this on two different Vista machines: One with the KB942624 patch applied and the other with SP1 integrated in.  It worked on both.  No blue screens or any other quirks that I could see.

    Only problem is that you must bind the port before starting SMB.sys each time you start Windows.  You can't stop the device once it's started (or at least I couldn't).

    Again, I didn't come up with this approach on my own.  Theultramage's post pointed me in the right direction.


    Sunday, November 16, 2008 1:35 AM
  • JSB, you're an absolute and utter legend, totally.  just tried it there and it worked first time, perfectly.  I had all but given up hope.  seeing now how it's being blocked gives more credence to what mapmike was saying, literally MS wanted to f' about with people who used this system, no matter who it harmed.  well, we'll certainly see their intentions if this workaround is blocked with an update.  shocking state of affairs, but great to have a solution.  thanks again, fella
    Wednesday, November 19, 2008 10:41 AM
  • My Windows XP SP3 is showing the same symptoms as Vista, however there is missing the service that is in the Vista Workaround. Is there anyone that has gotten it to work? I'm willing to disable filesharing but even then my port 445 is still in use unless I disable the netbios driver which keeps me from accessing anything on the network.

     

    Any clues?

    Thanks,

    Vincent

     

    Monday, November 24, 2008 9:29 PM
  • jaysus, they've done it to XP now too?  that is just disgraceful, what a pathetic excuse for a company.  others spend their time trying to get alternative OS's to work nicely with Windows and then someone at a high enough level decides that's too much of a threat and do everything to f**k it up.  brilliant, top work there MS.

    pathetic.

    sorry I can't help ya Vincent, the only solution I've found is this one from JSB, but as you said, if that service isn't there in XP, there's no way I know of to fix it.
    Tuesday, November 25, 2008 12:57 AM
  • Hello!

    Unfortunately I have the same problem:
    My client is windows xp, with SSH connection and tunnel. The server is win 2k3, here is the sharing folder, which I want to connect.
    I've tunneled 139 and 445 port and in the putty log I see the following:
    "Event Log: Local port 10.0.0.1:445 forwarding to gery.no-ip.org:445 failed: Network error: Permission denied"
    The 139 port is OK.
    I found your comment and I tried to do this procedure. But unfortunately I didn't find "Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)" under Non-Plug and Play Drivers. :-(( How can I find it? Or how can I add it under Non-Plug and Play Drivers?

    Thanks for your help beforehand!

    Thursday, November 27, 2008 10:08 AM
  • See again my original topic for an explanation why the same steps won't work with the current windows XP.

    Short summary: on XP if the "bind to all interfaces, port 445" action fails, the netbt.sys driver crashes and takes the whole OS down with it. Most likely just a missing return value check. Seems they fixed it in Vista though.

    Why couldn't they just let the user specify which interfaces he wants to use and which to leave alone...
    Thursday, November 27, 2008 3:39 PM
  • I'm in the process of setting up a test machine with Windows XP Pro patched to SP3 so I can examine the problem in detail.  I have a few things I'd like to try which may provide a workaround similar to the one for Vista.

    With the holidays, I'm running a bit behind.  Standby!

    Update: Okay, I poked around with Windows XP SP3.  Surprisingly, an old fix from the days of Windows NT did the trick:

    1) Create a system restore point, do a backup, cross your fingers, yada yada yada.
    2) Run Registry Editor (Start, Run, regedit, click okay).
    3) Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
    4) Right click in the rightmost pane, select NEW,  DWORD value.
    5) Name it SmbDeviceEnabled (Case sensitive: The S,D, and E are capitalized.  Everything else is lower case.  No spaces in between!)
    6) It should default to a value of 0x00000000 (0).  If for some reason it doesn't, set it to 0.
    7) Reboot.
    8) Bind port 445 with your tunneling application (again, I use putty.)
    9) Browse your remote shares like you used to do before Windows XP SP3.
    10) Celebrate: We just found a way around the Port forwarding 445 for SMB and SSH problem!
    Friday, November 28, 2008 4:44 PM
  • Your procedure didn't work on XP SP2 nor SP3 when I just tried it. Looks like the OS is completely ignoring the setting. Did you miss something?
    Saturday, November 29, 2008 10:03 AM
  • I don't think so: In fact, I tried toggling SmbDeviceEnabled to 1, rebooted, and found port 445 bound by the OS again.  Toggling it back to 0 and rebooting promptly unbinds the port again.  I tried it on two separate XP Pro SP3 systems with identical results.

    There must be some subtle difference in our systems.  Here's the essence of my test systems:

    1) Windows XP Pro SP2 upgraded to SP3 using WindowsXP-KB936929-SP3-x86-ENU.exe
    2) A loopback adapter configured as follows:


    IP addresses 10.0.0.1 and 10.0.0.2, subnet masks 255.255.255.0, no gateway, no dns.  Client for Microsoft Networks and Internet Protocol (TCP/IP) enabled, File and Printing Sharing for Microsoft Networks disabled. Netbios over TCP/IP disabled.

    3) Putty connecting to an SSH system with following tunnels:

    10.0.0.1:139 to 192.168.99.1:139
    10.0.0.1:445 to 192.168.99.1:445
    10.0.0.2:139 to 192.168.99.6:139
    10.0.0.2:445 to 192.168.99.6:445

    4) SmbDeviceEnabled added to registry and set to 0 as described in previous post.

    Incidentally, plain Windows XP Pro SP2 should work without any special modifications.  SP3 introduced the 445 binding issue.  If port 445 is locked and bound by the OS on an unpatched XP2 system then something else is going on.
    Saturday, November 29, 2008 1:48 PM
  • JSB2008's vista recipe works nicely.  You can also start the "Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)" from the command line (make sure you run cmd prompt as administrator) using:

    net start smb

    (e.g. if you want to create a batch file to open your ssh tunnels [4] and then start this service [5]).

    Once you have SMB started with your loopback interface "masked" from it you seem to be able to unbind and bind to port 445 on your loopback interface without any problems.  So for example if your SSH tunnels break due to a network glitch you should be able to remake them without having to go through the whole process of rebooting and starting the SMB service.

    That makes me suspect that temporarily binding any application to ports 139+445 (possibly just 445) on the loopback  interface you don't want the SMB service to hog before starting the SMB service may suffice. 

    Sunday, December 07, 2008 10:48 AM
  • Vista users - once you have set your SMB service to manual startup, you can run it from a wrapper script that masks port 445 first.  For example if you have perl installed you can create a perl script to mask the port and start it:

    use Socket;

    my $protocol = getprotobyname('tcp');
    my $addr = inet_aton('10.0.0.1'); #loopback address
    my $port = 445;
    my $dest = sockaddr_in($port,$addr);

    #Mask port 445 on loopback interface
    socket(SOCK, AF_INET, SOCK_STREAM, $protocol) or die("Can't create socket - $!");
    bind(SOCK, $dest) or die("Can't bind socket - $!");
    listen(SOCK, SOMAXCONN) or die("Can't listen - $!");

    #Start evil hoggy service
    system("net start smb");

    #Shield the port for 5 sec to give it time to start
    sleep(5);

    #Release port
    close SOCK;

    Run this as administrator after your machine starts up and then you can start your SSH tunnels whenever you need to.
    Wednesday, December 10, 2008 12:01 AM
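
A read-only check for the state this thread keeps running into, added here as an example (it is not code from any poster or from PuTTY): it classifies who holds ports 139 and 445 from `netstat -ano` output and probes whether a bind on the loopback-adapter address would succeed. The sample netstat text, the PIDs in it and the function names are constructed for illustration; the only Windows-specific assumption is that listeners owned by kernel drivers are reported under PID 4 ("System").

```python
"""Read-only check of who holds the SMB ports on a Windows client (added example)."""
import errno
import socket

SMB_PORTS = (139, 445)
SYSTEM_PID = 4  # the Windows "System" process, which owns kernel-driver listeners
WILDCARDS = ("0.0.0.0", "::")

# Constructed sample of `netstat -ano` output (not captured from a real host):
# the state the original poster describes, 139 forwarded but 445 still held.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.0.0.1:139           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49712     203.0.113.7:22         ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:137            *:*                                    4
"""


def parse_listeners(netstat_text):
    """Return (address, port, pid) for every TCP row in LISTENING state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, port = fields[1].rpartition(":")
        listeners.append((addr.strip("[]"), int(port), int(fields[4])))
    return listeners


def audit_smb_ports(listeners, tunnel_addr, ports=SMB_PORTS):
    """Classify each SMB port as seen from the tunnel's loopback-adapter address."""
    report = {}
    for port in ports:
        on_port = [(a, pid) for a, p, pid in listeners if p == port]
        tunnel = [pid for a, pid in on_port if a == tunnel_addr]
        wild = [pid for a, pid in on_port if a in WILDCARDS]
        if tunnel:
            # Something (the SSH client, if the PID matches) listens on the adapter.
            report[port] = ("tunnel-listening", tunnel[0])
        elif SYSTEM_PID in wild:
            # The OS SMB listener covers every address, so a later bind on
            # tunnel_addr is refused: the "Permission denied" in this thread.
            report[port] = ("held-by-system", SYSTEM_PID)
        elif wild:
            # A user process listening on all interfaces, e.g. a forward set to
            # accept connections from other hosts; it may be reachable from the LAN.
            report[port] = ("wildcard-other-process", wild[0])
        else:
            report[port] = ("free", None)
    return report


def probe_bind(addr, port):
    """Try to bind addr:port for an instant and report how the OS answers."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((addr, port))
    except PermissionError:
        return "denied"  # bind refused outright, as PuTTY reported for 445
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return "in-use"  # another socket already has this exact endpoint
        if exc.errno == errno.EADDRNOTAVAIL:
            return "no-such-address"  # e.g. the loopback adapter is not configured
        raise
    else:
        return "free"
    finally:
        sock.close()


if __name__ == "__main__":
    report = audit_smb_ports(parse_listeners(SAMPLE_NETSTAT), "10.0.0.1")
    for port, (state, pid) in report.items():
        print(port, state, pid)
    for port in SMB_PORTS:
        print("bind 10.0.0.1:%d ->" % port, probe_bind("10.0.0.1", port))
```

On a real client, pass the text of `netstat -ano` to `parse_listeners` instead of the sample, and use the address of your own loopback adapter in place of 10.0.0.1.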

  • Hello,

    i've been trying to get this to work for a couple of weeks now, and this thread is the first i've seen in that time that gives me hope!

    I still haven't been able to get this to work though (VISTA SP1.)

    I will eventually be trying to map folders on a NAS drive, but for now i'm trying to just map my folders on my web server (paid web hosting).

    I have SSH access through port 6024, and followed the instructions, disabling the SMB service at startup, using putty to connect to my web host (on port 6024) forwarding ports 139 and 445 from my loopback adapter (IP: 10.0.0.1), which i can see the port forwarding working from the putty event log, then enable the SMB service again.

    However, when i type:

    net use * \\10.0.0.1\home\smagru

    into the cmd line, i get 'error 64: the specified network name is no longer available'. Any ideas what that's about?

    I did add the following to my lmhosts file:

    10.0.0.1 MYFTP #PRE

    an nbtstat -c shows the netbios name cache table for my loopback adapter, although interestingly that adapter has a node ip address of 0.0.0.0. I am waiting to hear back from my web hosts with more information on the samba or smb service running on the remote server.

    Is this a naming problem now? Or do i need to forward some more ports, 138 and 137 perhaps? as they appear to be for the netbios naming service?

    Cheers.
    Wednesday, December 10, 2008 12:57 PM
  • I really appreciate your posting. It works!!!

    Wednesday, December 31, 2008 5:14 AM
  • While this solution is bloody freaking awesome, can we have Microsoft fix this?

    It's bullshit that we have to hack the OS to do something that can easily be fixed by a simple patch!

    And why does 'net stop smb' not work?
    Friday, January 02, 2009 11:02 AM
  • Has anyone had any luck tunnelling from a WinXP SP3 machine to a Vista SP1 machine which is running CopSSH?  Port forwarding looks like it's working, but the Putty event log shows that the Vista box is refusing to accept anything coming in on port 139.

    I get this once connected when trying to access the share via Start -> Run -> \\192.168.0.50\ :  "2009-07-03 13:16:21 Forwarded connection refused by server: Connect failed [Connection refused]"


    I was previously getting the permission denied error for port 445, but the reg fix seemed to sort that for me.

    Any ideas?
    Friday, July 03, 2009 12:19 PM
  • I had a workaround (based mainly on the information above, see http://petersteier.wordpress.com/), but Vista Service Pack 3 has this broken again. If somebody finds another workaround, please post it here.
    Wednesday, August 12, 2009 4:52 PM
  • Correction: I mean Vista SP2 for sure. Actually, the solution was relatively simple: the installation has just set the "Message Oriented ..." service to "System" again instead of "On demand". When I set it back, everything works again.
    Wednesday, August 12, 2009 8:43 PM
  • Bump!

    I just wanted to bump this thread because I am having an issue with using an XP SP3 client to connect to my remote Vista SP2 host file shares. I followed the solutions listed above and it works for Vista SP2 > XP SP3 and XP > XP but it will not work from XP to Vista.

    Here is my setup

    Loopback adapter – 10.0.0.1 (Net Bios disabled + Only TCP enabled)
    Using Putty I have forwarded 10.0.0.1:139 to remoteip:139 and 10.0.0.1:445 to remoteip:445. I know Vista does not use port 139 but rather port 445 for Smb sharing. I have tried different combinations of things including forwarding 10.0.0.1:139 to remoteip:445 but nothing has worked.

    Hope that all makes sense. Is there something I need to change on Vista to allow it to connect?

    Appreciate any help :)


    Also I am not positive on how to "bind" the ports to putty in Vista. I have it set in a batch file to launch putty on startup and then start the smb but it kind of gets annoying for session shell window to pop up every time I launch windows. Any workarounds?
    • Edited by bradbogy Sunday, August 23, 2009 3:11 PM
    Sunday, August 23, 2009 3:08 PM
  • Anyone else having an issue connecting from XP sp3 through SSH to a Vista sp2 remote host? I can connect to the Vista PC but I cannot access any of the shared files or folders.

    I'm dying to figure this out. Did everything I could for like 6 hours yesterday with no success. Hopefully someone has a solution.
    Sunday, August 23, 2009 9:55 PM
  • Here is what I just tried and it still failed.

    I have the registry setting on SmbDeviceEnabled to 0

    Loopback adapter IP 10.0.0.2 (Net Bios disabled and Microsoft Network and File and Printer Sharing disabled leaving only TCP/IP enabled.)

    Using putty I am forwarding 10.0.0.2:139 to destination IP of 192.168.1.10:139
    and forwarding 10.0.0.2:445 to destination IP of 192.168.1.10:445

    Now the Putty session connects fine with no errors.

    When I go to Start > Run > and type \\10.0.0.2\

    It comes up "Windows cannot find \\10.0.0.2\ Check the spelling and try again."

    Now when I do the same thing from XP client same settings to another XP remote host it works just fine. It just won't connect to files shared on Vista remote host why is that?
    Sunday, August 23, 2009 10:07 PM
  • Bump! I need to find the solution. Can someone help?
    Thursday, August 27, 2009 4:40 PM
  • Bump! Anyone know how to get windows file sharing to work from an XP sp3 client to Vista 64 remote host file shares over SSH?
    Saturday, August 29, 2009 5:16 AM
  • I wrote an application for Vista (also SP2), Windows 7 and XP (also SP3), which is able to free the port 445 and 139 on localhost. So you can map it via putty. Look at http://www.sshvpn.de/.

    Please report if the program works for you!
    • Proposed as answer by pRiVader2 Saturday, February 27, 2010 4:34 PM
    Monday, August 31, 2009 12:34 AM
  • http://www.sshvpn.de/ Worked great on XP SP3.

    I use ssh on daily basis, while recently an update made the ssh forward to a loopback adapter impossible. Spent some days tried to fix it without any luck.
    With the above there is no need to install extra loopback adapter as port forwarding runs on 127.0.0.1

    Just want to say.
    Awesome job very appreciated. Thanks man!
    Monday, September 07, 2009 9:53 AM
  • Count yourselves semi lucky with Vista. I'm on Windows 7 now,  lo and behold the "Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)" device is no longer in the device manager,

    But not to worry the tool from
    http://www.sshvpn.de/ makes everything I need work well :)
    Tuesday, September 22, 2009 9:37 PM
  • I wrote an application for Vista (also SP2), Windows 7 and XP (also SP3), which is able to free the port 445 and 139 on localhost. So you can map it via putty. Look at http://www.sshvpn.de/.

    Please report if the program works for you!
    I see an .exe but no information.
    How does this work - what will this program do to my PC?
    Thursday, September 24, 2009 9:20 PM
  • pRiVader,

    thank you so much for your effort. Your application works fine on Win7 6.1.7600. Checked by telnetting to mapped ports and saw packets TX and RX on REMOTE.

    However, using "net use \\127.0.0.2\c$" I've got no packets on REMOTE, and subsequently, error 53 on LOCAL.
    The setup: "MS client" enabled, "File and printer sharing" disabled, firewall opened for "allow ip from 127.0.0.2 to any" and "allow ip from any to 127.0.0.2".
    This means, that other "M$ magic" involved.

    Can anyone reproduce and post here?

    Later on, I found out, that MS networks client is unable to connect to addresses other than 127.0.0.1 or which were bound to real interfaces(devices) like MS loopback. Therefore if you use multiple simultaneous tunnels to various remote machines, the only option is to install MS loopback device, configure appropriate quantity of addresses on it and map each remote machine to its own local address, and configure tunnel in each putty session something like local: 10.0.0.1:445, remote remote1:445, local: 10.0.0.2:445, remote remote2:445, etc. However, this works only for SMB sessions, because mapping other ports in this way doesn't work. If you want to map ports other than 445, use 127.0.0.x addresses.
    • Proposed as answer by Ludenus Sunday, November 01, 2009 12:44 AM
    • Edited by Ludenus Sunday, November 01, 2009 1:05 AM
    Wednesday, October 21, 2009 8:02 PM
  • Hello - I've been reading this thread, trying to get the same issues working.  I have samba working on my local network, but can't connect remotely via putty at all. 

    I've run this sshvpn.de program, but to no avail.  (Using Vista on remote computer.)  I have putty configured to map ports 139 and 445 from 10.0.0.1 to my DynDNS host name.  (e.g. XXX.dyndns.org:139).  My puTTY terminal sessions work perfectly, so I know I can connect...  Any thoughts?  Am I missing something?  Do I need the loopback adapter if I use this sshvpn.de program?  Or, should I put 127.0.0.1 into my putty session? 

    I'm pretty noobie to this, so I appreciate any help!

    PistolPLC
    Thursday, October 22, 2009 1:12 AM
  • Hi pRiVader,

    First of all, thank you for your effort.

    I tried your LocalSMB.exe on Windows 7.  It has installed an exe ApplicationProxy as a service on the system.   However, I found that the "Server" service got disabled and I cannot browse shares on the local machine.

    It seems that just by disabling the "Server" service and reboot, the ports 139 and 445 on 0.0.0.0 are not bound by the system, without installing your LocalSMB.exe.   Can you explain a little bit more on your exe??  Is it trying to bind ports 139 and 445 using a service daemon?  Why need to disable "Server" service?
    Sunday, November 08, 2009 1:46 AM
  • Hello pRiVader,
    Man I love you !!!
    Your program works great: now I can access samba shares with putty
    via tunnelling under windows 7 !!
    Maybe there are side-effects but I don't mind.
    Thanks, thanks and thanks again !
    Chris
    Tuesday, November 17, 2009 3:53 PM
  • I forgot my damn windows live id... I have a catch-all email domain and can't remember which userpart I did use. It sucks that you can't find out what it has been... Does anybody have an idea how to find it out?

    My tool manages that there are NO SIDE EFFECTS. Yes, it installs a service and it looks as if one would be deactivated. But it manages that it is still as before - also that all services get started as before! It doesn't harm anything: You still have shares in your networks and also everything else is as before. Just 127.x.x.x is free on port 139 and 445 so you can use it.

    The behavior on Windows7 is, that Microsoft removed the support of the network 127.x.x.x and now only supports just one address instead of a network: 127.0.0.1. This is a bug of M$, they break with this the ip standard but - as always - they don't care about RFCs and standards.

    You have to use for this case multiple virtual network cards.

    In the next weeks you will find on my homepage http://www.sshvpn.de/ a free software which allows you to tunnel via SSH (Putty) or a own SSL VPN your shares as well as DNS, TCP and UDP traffic without any installation or admin rights on windows.

    Stay tuned!
    Saturday, February 27, 2010 4:40 PM
  • Hi pRiVader2

    Your program works like a charm (Windows 7, putty ssh tunnel)! I spent days to get a CIFS connection running. Your program was the final missing piece in the whole story. I am looking forward to the next version of your program.

    Cheers

    it-art

    Monday, March 22, 2010 2:42 PM
  • Count yourselves semi-lucky with Vista. I'm on Windows 7 now, and lo and behold, the "Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session)" device is no longer in the Device Manager.

    But not to worry, the tool from http://www.sshvpn.de/ makes everything I need work well :)

    Another solution for Windows 7 (that doesn't involve running a .exe from a 3rd-party site) is to disable the "Server" service.  Specifically: Computer -> Manage -> Services and Applications -> Services.  Within that, there's a service named "Server" with the description "Supports file, print, and named-pipe sharing over the network for this computer. ..."

    Just stopping the service wasn't sufficient, but when I set it to startup: Disabled and rebooted, Windows 7 was finally not listening on port 445.  I was then able to forward port 445 over ssh and successfully connect to a samba drive.

    This does mean you can't share files/etc. from the machine, but if you're using a loopback adapter to handle the SMB (139/445) forwarding, you can enable and start the "Server" service once your ssh tunnel is started.  I'm running like that right now, and I'm both connected to samba over ssh and able to act as a server for file sharing.

    For reference, this is on Windows 7 Pro x64.

    • Proposed as answer by Gausebeck Monday, May 17, 2010 7:41 AM
    Monday, May 17, 2010 7:40 AM
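A way to check what the post above describes, added here as an example and not code from any poster in the thread: parse `netstat -ano` output and report whether a wildcard or same-address listener still holds ports 139/445, which is what makes a forwarder's bind fail. The netstat text is constructed sample data and the function names are hypothetical; 10.0.0.1 is the loopback-adapter address from the question.

```python
import re

# Constructed sample of `netstat -ano -p TCP` output with the "Server"
# service running (illustrative, not captured from a real host).
SAMPLE_SERVER_RUNNING = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:49170     203.0.113.7:22         ESTABLISHED     2312
  TCP    [::]:445               [::]:0                 LISTENING       4
"""

# Constructed sample after "Server" is set to Disabled and the PC rebooted.
SAMPLE_SERVER_DISABLED = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")

def listeners(netstat_text):
    """Return (address, port, pid) for every TCP socket in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            found.append((m.group(1).strip("[]"), int(m.group(2)), int(m.group(3))))
    return found

def bind_conflicts(netstat_text, address, port):
    # A wildcard listener (0.0.0.0 for IPv4, :: for IPv6) covers every local
    # address of that family, so it also blocks a loopback-adapter address.
    wildcard = "::" if ":" in address else "0.0.0.0"
    return [(a, p, pid) for a, p, pid in listeners(netstat_text)
            if p == port and a in (address, wildcard)]

def report(netstat_text, address, ports=(139, 445)):
    """Map each port to 'free' or a description of the blocking listener."""
    result = {}
    for port in ports:
        hits = bind_conflicts(netstat_text, address, port)
        result[port] = "free" if not hits else "; ".join(
            f"{a}:{p} held by PID {pid}" for a, p, pid in hits)
    return result

if __name__ == "__main__":
    print(report(SAMPLE_SERVER_RUNNING, "10.0.0.1"))
    print(report(SAMPLE_SERVER_DISABLED, "10.0.0.1"))
```

On a real machine, feed it the text of `netstat -ano -p TCP`; PID 4 is the Windows System process.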
  • Hi Gausebeck,

    thanks for your post. Your solution worked great for me. I tried it on Windows 7 Enterprise x86.

    Could you please tell us something more about "but if you're using a loopback adapter to handle the SMB (139/445) forwarding, you can enable and start the "Server" service once your ssh tunnel is started"?
    I installed a loopback adapter and assigned the IP address 192.168.199.5 to it. In PuTTY I configured a new tunnel to forward 192.168.199.5:139 and 192.168.199.5:445 to server1-IP:139 and server1-IP:445. Is this what you did, too?

    And one more question. As far as I see, this solution provides only the possibility to map shares on the one server only. Do you have an idea how to map shares on different servers?

    EDIT: I found a very simple but not very elegant way to map shares on different servers. One loopback adapter per destination-server allows this. If someone has a more elegant idea, please post it.

    Thanks again and have a nice weekend.

    • Edited by nidzovan Friday, May 28, 2010 7:36 AM Update - see "EDIT"
    Friday, May 28, 2010 7:08 AM
  • I recently had to do exactly that for various machines. I wrote a tutorial on my findings, http://alirezabagheri.com/blog/?p=67, which may help.

    • Proposed as answer by AlirezaB Thursday, July 01, 2010 8:27 AM
    Thursday, July 01, 2010 8:26 AM
  • Indeed, it is possible to disable the "Server" service, and Gausebeck is correct in saying that if you do that it is possible to forward port 445 over SSH via the loopback adapter. You can then also manually start the "Server" service (and "Computer Browser"). However, having done that I can no longer access locally served file shares (I get "Login failure: The target account name is incorrect."), and the shares are not available to other computers on the LAN. Note that I am working in a domain environment. Does anyone have any experience of this?


    Thursday, May 05, 2011 9:55 AM
  • I have posted for a similar need elsewhere on the TechNet forums.  In my case, I KNOW what the problem is.

    The ISP is actively blocking traffic on port 445 and states as much on their website.  This is supposedly to provide some amount of security against the spread of some Internet Worms.  It also has the effect of preventing mapping to a shared resource on a remote network server whether or not I use a VPN.

    Without rehashing all the details, there is a very simple fix for this if you are in the same situation.

    $$$

    All you have to do is pay the ISP for a business service connection and suddenly your problems are over.  We have specifically tested this on Comcast so I cannot say if it is true for others.  This would have the effect of allowing any "business" to have no problems connecting to other "businesses" but if you want to do a little work from home you better find a good Cloud provider.

    As hard as that may be to believe, we actually had one employee who got fed up with it since she could connect with no problem to a mapped drive with her laptop connected to her Cellular Router (a MiFi unit) but the same setup failed using her home internet.  She volunteered to pay the price to see if a Business connection would solve the problem.

    It did.  Immediately and with no fanfare, she was able to map just as she could before all this port blocking mess.    The whole thing began about 3 years or so back.  Before then, Zero problems.

    I might add that she is in Delaware and the home office is in Florida.  Access to the mapped drive was almost as fast as if it were local in her system.  The same setup using any type Cloud provider can't even come close to the speed and performance.

    So if you find a way to get a drive mapped without use of port 445, please post it!

    Let me also add that we were using a VPN to a static IP on our end.  The VPN would always connect but mapping the drive always failed.  In the past month, we have had the largest cable provider in this area also join the pack with this port 445 block.  Now half the office cannot work from home unless they pay the $$$ for a business connection.  Yet they were working fine a few weeks back, same systems, same software.

    I have been told that a VPN will ALWAYS pass port 445 but I find that not to be true in every case I have tested.  I tried multiple VPN configurations with the same results. Any port testing software always shows the reason for failure is a lack of data transmission on port 445 to support SMB in Windows.

    • Edited by Questorfla Saturday, April 12, 2014 1:33 AM spelling
    Saturday, April 12, 2014 1:29 AM