What ports need to be opened on a firewall to set up a file server in Windows 2008 server?
What ports and traffic do I need to allow to set up a file server in Windows Server 2008?
October 18th, 2010 3:17pm
Depends on what this server is going to be doing. Is it joined to a domain? You will need to provide specific details on what you want it to do and what it has to communicate with.
--
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com Twitter @pbbergs
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
October 18th, 2010 3:30pm
Yes it is part of a domain. Other users on their own computers will be accessing files from this file server. They will be reading and saving files to it.
Also this server will robocopy data to a backup server.
Also remote desktop for admins to connect to the server for administrative tasks.
That is pretty much it.
Any help is appreciated.
October 18th, 2010 5:16pm
Hi,
Thank you for your post here.
You don't have to know the specific ports involved in the SMB/CIFS file sharing. In Windows Server 2008 Windows Firewall with Advanced Security, there is a set of inbound File and Printer Sharing firewall rules. You will need to enable those rules in Domain profile and disable other non-core rules if you want to tighten the network security on the server.
October 19th, 2010 1:45am
I agree with Miles' comment regarding the firewall rules in Windows Server 2008, but just to add some additional info:
SMB: 445 (TCP) // File Sharing
RDP: 3389 (TCP) // Remote Desktop for Administration
I'd also check to see if you have NetBIOS over TCP/IP (otherwise known as NetBT) enabled. To check to see if you have NetBT enabled:
- open cmd
- type 'net config redirector'
If you have a line in there that reads:
Workstation active on
NetbiosSmb (000000000000)
NetBT_Tcpip_{..................}
then you have NetBT enabled. If so, NetBT uses ports:
137 (UDP)
138 (UDP)
139 (TCP)
Unless you have a need for NetBT (like legacy clients on the domain) you might want to think about disabling NetBT:
1. Open the Network Connections folder and view available connections.
2. Right-click the connection that you want to configure, and then click Properties.
3. On the General tab, click Internet Protocol (TCP/IP) in the list of components, and click the Properties button.
4. Click the Advanced button.
5. Click the WINS tab. Click Disable NetBIOS over TCP/IP.
October 19th, 2010 4:38am
SMB over IP - TCP/UDP 445
RDP - TCP 3389
DNS - TCP/UDP 53
WINS (?) - TCP 42
NTP - UDP 123
ICMP (Group Policy likes this)
High Ports - TCP 49152 - 65535 (Client will need to contact DC LDAP, LDAP GC, RPC DNS, Kerberos)
See http://support.microsoft.com/kb/179442/en-us for client details for AD
--
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com Twitter @pbbergs
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
October 19th, 2010 8:22am
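
The steps discussed in this thread (enabling the built-in rule groups for the Domain profile, then checking the SMB, RDP and NetBT ports and the NetBT setting), collected as a batch script. This is an added example, not part of any reply above; it assumes an elevated prompt and the English rule-group display names, and the "disable-netbt" argument is a hypothetical switch defined only by this script.

```batch
@echo off
rem Added example, not from the thread. Run from an elevated cmd prompt
rem on the file server. Assumes English rule-group display names.

rem 1. Enable the built-in inbound rule groups for the Domain profile only.
netsh advfirewall firewall set rule group="File and Printer Sharing" dir=in profile=domain new enable=yes
netsh advfirewall firewall set rule group="Remote Desktop" dir=in profile=domain new enable=yes

rem 2. Confirm the firewall itself is switched on for the Domain profile.
netsh advfirewall show domainprofile state

rem 3. Show sockets involving the ports named in the thread:
rem    445 (SMB), 3389 (RDP), 137/138/139 (NetBT).
rem    Lines for 137-139 mean NetBT is still in use on this host.
for %%P in (445 3389 137 138 139) do (
    echo --- port %%P ---
    netstat -ano | findstr /C:":%%P "
)

rem 4. NetBT setting per IP-enabled adapter:
rem    0 = taken from DHCP, 1 = enabled, 2 = disabled.
wmic nicconfig where "IPEnabled=true" get Description,TcpipNetbiosOptions

rem 5. Optional: pass "disable-netbt" (hypothetical switch of this script)
rem    to turn NetBT off on every IP-enabled adapter. Only do this when no
rem    legacy clients depend on NetBIOS name resolution or port 139.
if /i "%~1"=="disable-netbt" (
    wmic nicconfig where "IPEnabled=true" call SetTcpipNetbios 2
)
```

If netsh reports that no rules match, list the available rules with `netsh advfirewall firewall show rule name=all` and check the group name and profile scoping on that server.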