Router pinhole for macOS File Sharing?

Internet access discussion, including Fusion, IP Broadband, and Gigabit Fiber!
7 posts Page 1 of 1
by knethery » Sun Aug 01, 2021 6:01 pm
Have 1GB fiber going to a Pace 5268AC router. Behind the router, on ethernet, I have a Mac Mini designed and configured to be a File Server. Haven't figured out which ports and protocols I need to open up as a "pinhole" so that a client mac elsewhere on the internet can smb://<ip address> to the current dynamic address of my router and do File Sharing on the Mac Mini.

On the client mac, the interface is Finder / Go / Connect to Server...

For File Sharing I opened TCP 137-139 and TCP 445 on the Mac Mini server but that seems to be inadequate.

I am able to SSH into the Mac Mini server because I have opened a pinhole for TCP 22.

I am able to do Screen Sharing into the Mac Mini server because I have opened a pinhole for TCP 5900.

What pinholes (protocol and ports) are needed through the Pace router for an smb:// connection into my Mac Mini file server?
by knethery » Tue Aug 03, 2021 5:04 pm
New update. I've opened all the ports from 1 to 16000 (both TCP and UDP) to point to the mac mini. Still not able to do file sharing. Is there something in the Pace router that prevents file sharing?
by u3zmsm » Tue Aug 03, 2021 6:03 pm
If it's not the router or Sonic, it might be the remote ISP that’s blocking SMB.

In the early 2000s, to protect their customers from malware that exploited vulnerabilities in Microsoft Windows related to SMB and NetBIOS over TCP, many ISPs started blocking TCP and UDP ports such as 135, 139 and 445. AT&T and Xfinity (Comcast), for example, both disclose that they still do so.
by knethery » Wed Aug 04, 2021 2:23 pm
Having the ISP block SMB is worth testing. Both my connections are Sonic, sort of.

The server is on a Sonic Fiber connection.

My home (where I'm trying to make the connection from) is a bonded pair DSL connection but methinks it is using AT&T infrastructure. So perhaps the underlying AT&T infrastructure is blocking SMB port 445?

Any ideas how to test to see if my home computer can connect to a port 445 somewhere out there in the world? Or is there anyone at Sonic that actually knows if SMB is blocked on my home connection?
by knethery » Wed Aug 04, 2021 2:29 pm
This blocking of port 445 by the ISP is beginning to sound legit.

In terminal:
nc -vz <hostname> 444
port 444 (tcp) failed: Connection refused
nc -vz <hostname> 445
port 445 (tcp) failed: Operation timed out
nc -vz <hostname> 446
port 446 (tcp) failed: Connection refused

My mac mini immediately refused the connections to the ports around 445 (SMB). But for port 445, it takes a while and I get a timeout. This kind of makes the idea of running my own file server kind of difficult. And sounds like a new router is NOT going to help. This sucks. Thank you for providing this clue.
by knethery » Wed Aug 04, 2021 2:46 pm
I turned on DMZplus in the Pace 5268AC so that there is nothing between the fiber connection and my Mac mini server (the server has the DHCP address of the router). And that too does not allow connections to port 445.

My next attempt will be to put in a port number reassignment pinhole (or whatever it might be called). Idea being that I'll do smb://<hostname>:<port other than 445> on my laptop. Then in the Pace router, tell it to forward connections to that non-445 port to 445 on my server.

Will pick a port number (other than 445) and then configure the Pace 5268AC router.
by knethery » Thu Aug 05, 2021 12:46 pm
Yes, some ISPs block some ports. The solution was to create a pinhole that assigned a port in the router to forward to the SMB port 445. The ISP at my home appears to block port 445. I was able to test it in Terminal using:

>nc -vz <hostname> 444
nc: connectx to <hostname> port 444 (tcp) failed: Connection refused
>nc -vz <hostname> 445
nc: connectx to <hostname> port 445 (tcp) failed: Operation timed out
>nc -vz <hostname> 446
nc: connectx to <hostname> port 446 (tcp) failed: Connection refused

When I created a pinhole for 4455 (an unused port) to forward to port 445 on my Mac mini, and I tested it, it worked.

>nc -vz <hostname> 4455
Connection to <hostname> port 4455 [tcp/ddm-rdb] succeeded!

Test to see if a port is being blocked by the ISP. If needed, assign a different port that is not being blocked.

The actual connection URL is now:
smb://<hostname>:4455

Thank you for the clue that ports might be secretly blocked. That was the key to getting this to work.
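
The refused-versus-timed-out reasoning used in this thread, written out as an added example (not part of the original posts): it classifies `nc -vz` result lines and uses the neighbouring ports to decide whether a silent port is being filtered on the path. The function names, `host.example`, and the sample lines are constructed for illustration; `probe` assumes an `nc` that accepts `-v -z -w`.

```sh
#!/bin/sh
# Added example: classify nc -vz results to tell "closed" from "filtered".
# Sample lines are constructed, in the format shown in the thread.

# classify_nc_line LINE -> prints open | closed | filtered | unknown
classify_nc_line() {
    case "$1" in
        *succeeded*)            echo open ;;      # TCP handshake completed
        *"Connection refused"*) echo closed ;;    # something answered with a reset
        *"timed out"*)          echo filtered ;;  # no answer: packets dropped on the path
        *)                      echo unknown ;;
    esac
}

# diagnose TARGET_STATE NEIGHBOUR_STATE...
# Neighbours that answer (open/closed) prove the host is reachable, so a
# silent target port points at a filter between client and server.
diagnose() {
    target=$1; shift
    reachable=no
    for s in "$@"; do
        case "$s" in open|closed) reachable=yes ;; esac
    done
    case "$target:$reachable" in
        open:*)       echo "port-open" ;;
        closed:*)     echo "reachable-nothing-listening-or-not-forwarded" ;;
        filtered:yes) echo "port-filtered-on-path" ;;
        filtered:no)  echo "host-unreachable-or-all-filtered" ;;
        *)            echo "inconclusive" ;;
    esac
}

# probe HOST PORT -> state from a live nc call (defined only, not run here).
# Where -w does not bound connect time, the OS default connect timeout applies.
probe() {
    classify_nc_line "$(nc -vz -w 5 "$1" "$2" 2>&1 | tail -n 1)"
}

# Constructed sample output mirroring the three probes in the thread.
L444='nc: connectx to host.example port 444 (tcp) failed: Connection refused'
L445='nc: connectx to host.example port 445 (tcp) failed: Operation timed out'
L446='nc: connectx to host.example port 446 (tcp) failed: Connection refused'

sample_verdict() {
    diagnose "$(classify_nc_line "$L445")" \
             "$(classify_nc_line "$L444")" "$(classify_nc_line "$L446")"
}
sample_verdict   # prints: port-filtered-on-path
```

For a live check, feed `diagnose` the output of `probe` for the target port followed by a couple of adjacent ports on the same host.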