From owner-freebsd-questions  Wed Feb 27  8:30:48 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mail1.home.nl (mail1.home.nl [213.51.129.225])
	by hub.freebsd.org (Postfix) with ESMTP id EEADF37B41D
	for <freebsd-questions@freebsd.org>; Wed, 27 Feb 2002 08:30:35 -0800 (PST)
Received: from ws2 ([217.120.114.216]) by mail1.home.nl
          (InterMail vM.4.01.03.00 201-229-121) with SMTP
          id <20020227163034.WMNN18485.mail1.home.nl@ws2>
          for <freebsd-questions@freebsd.org>;
          Wed, 27 Feb 2002 17:30:34 +0100
From: "Bas v.d. Wiel" <bas@kompas-media.nl>
To: <freebsd-questions@freebsd.org>
Subject: SMB over IPSEC with filtered ports still possible?
Date: Wed, 27 Feb 2002 17:30:44 +0100
Message-ID: <LOEJICFDGCPPJOMJCJKDIEDECHAA.bas@kompas-media.nl>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hello everyone,
This question may have been asked before, but I couldn't find any reference
to my problem on google or in the archives.
I'll soon be building a VPN between two locations of a small company. The
main location uses fully open ADSL while the second location uses cable
(residential service due to lack of alternatives) to access the net. This
cable connection has its tcp port 139 filtered at the upstream router.
I've read a few articles on VPN using IPSec on FreeBSD and I think I'll
manage setting this up for mail and the like since those ports are
unfiltered. The articles however don't mention any restrictions on either
end of the pipe and how to deal with such a situation.
I'd like to be able to have my Windows network clients browse and use
resources on either side of the tunnel. With tcp port 139 being filtered on
one end, and my ISP unwilling to remove the filter, I'm worried.
Is there a way to circumvent this? Should I redirect port 139 to some high
port between the gateways? My servers are all FreeBSD (4.5 RELEASE) running
Samba 2.2.2 so it's possible to set the listening port differently on them,
but will my Windows 2000 clients be able to adjust their ports as well? I've
read something about changing lines in an inetd.conf-like file called
'services' inside Windows' main directory, but I have no such file. Should I
create it myself and have it contain only exceptions from the defaults?

Any help on this subject is very welcome.

Thanks in advance,

Bas v.d. Wiel


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message