Accessing File Shares Over NAT

    Question

  • Hello,

    I am working with a client that set up a new subnet that uses hide NAT. When I try to access a file share on a server in a different subnet, I can only browse for a few seconds and then an error such as "Server service not started" or "network name no longer available" appears, and I can't browse folders on that server anymore (it has Server 2003 SP2). Netmon found that the connection was constantly being reset. If I reconfigure the same client (XP SP3) with its original unNATed IP address, everything works fine, and the Windows firewall is disabled on both the server and client. Is there a trick to get CIFS or SMB or whatever to work over hide NAT?

    Thanks!

    Monday, April 22, 2013 8:19 PM

Answers

  • Hi,

    SMB uses a single session for a pair of IPs and all file transfers between these 2 IPs are made over this session. This makes the file transfer more efficient over the network. On the flip side, since only one SMB session is maintained, clients coming through NAT will have problems since all these clients are presented as a single IP to the server. With SMB, only a single session will be maintained and thus there is nothing unique for each client. This breaks the communication.

    We will need to use NetBIOS over TCP/IP in place of SMB. This can be achieved by:

    1. Disabling SMB on the server or on all the client machines by setting the registry:
    Name: SMBDeviceEnabled
    Type: REG_DWORD
    Value: 0
    The location of the registry key is:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters. You may have to create this if not already existing.

    2. Block TCP port 445 for the segment accessing shares through NAT


    TechNet Subscriber Support in forum |If you have any feedback on our support, please contact tnmff@microsoft.com.

    • Marked as answer by wedqwdqwedwd Friday, May 10, 2013 3:10 PM
    Wednesday, April 24, 2013 1:05 PM
    Moderator
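
The registry change from step 1 of the answer above, written as an idempotent audit-then-apply PowerShell script. This is an added example, not part of the original answer; the function names are hypothetical, and it assumes PowerShell is installed on the machine and the prompt is elevated.

```powershell
# Added example: audit and optionally set SMBDeviceEnabled under NetBT\Parameters.
# Function names are hypothetical; key path and value name are taken from the answer.
$NetBtKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
$ValueName = 'SMBDeviceEnabled'

function Get-SmbDeviceState {
    # Returns 'KeyMissing', 'NotSet', or the current DWORD value as a string.
    if (-not (Test-Path $NetBtKey)) { return 'KeyMissing' }
    $item = Get-ItemProperty -Path $NetBtKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotSet' }
    return [string]$item.$ValueName
}

function Set-SmbDeviceDisabled {
    # Without -Apply this only reports; with -Apply it writes REG_DWORD 0.
    param([switch]$Apply)
    $before = Get-SmbDeviceState
    Write-Output "Current state: $before"
    if ($before -eq '0') { Write-Output 'Already 0; nothing to change.'; return }
    if (-not $Apply) { Write-Output 'Audit only. Re-run with -Apply to write the value.'; return }
    # The answer notes the key may not exist yet, so create it when missing.
    if ($before -eq 'KeyMissing') { New-Item -Path $NetBtKey -Force | Out-Null }
    if ($before -eq 'KeyMissing' -or $before -eq 'NotSet') {
        New-ItemProperty -Path $NetBtKey -Name $ValueName -PropertyType DWord -Value 0 | Out-Null
    } else {
        Set-ItemProperty -Path $NetBtKey -Name $ValueName -Value 0
    }
    Write-Output "New state: $(Get-SmbDeviceState)"
}

function Get-SmbListeners {
    # Lists local listeners on TCP 445 (direct SMB) and 139 (NetBIOS session),
    # so the effect of the change can be checked on this machine.
    netstat -an | Select-String -Pattern ':(445|139)\s.*LISTENING'
}

Set-SmbDeviceDisabled   # audit only; call with -Apply to make the change
Get-SmbListeners
```

Comparing the `Get-SmbListeners` output before and after the change shows whether port 445 is still bound on the test client.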

All replies

  • Thanks Shaon!

    1.) When you say "or the client" that means that making the change on the server is not required (as long as the clients are modified), correct?

    2.) Would the change need to happen on ALL the clients, or just the ones on the NATed subnet?

    Thanks again!

    Thursday, April 25, 2013 2:35 PM
  • 1. Yes.

    2. Just the affected ones on NATed subnet. Test on 1 client to see if it will work.


    Monday, April 29, 2013 9:17 AM
    Moderator
  • Thanks again Shaon,

    Are both steps 1 and 2 necessary or is it an either or situation?

    Marc

    Monday, April 29, 2013 2:43 PM
  • Select one of the 2 steps. Step 2 is easier as a test.

    Friday, May 3, 2013 8:36 AM
    Moderator
  • Thank you for your detailed answer. It works perfectly for me.
    Wednesday, February 12, 2014 2:31 AM