Add NetBIOS Exception to Windows XP Firewall

My SonicWall TZ150W network is configured such that the wired LAN lives on 10.10.7.0 and the wireless WLAN lives on 10.10.6.0.

Because the LAN is on a different subnet than the WLAN, Windows XP Firewall blocks NetBIOS between them by default. More specifically, I am unable to connect by computer name from a computer on the wireless LAN to a computer on the wired LAN; I am forced to use the IP address of the computer instead.

Example:
Computer1 on the wired LAN has been given (via DHCP) a LAN IP of 10.10.7.100.
Computer2 on the WLAN has been given (via DHCP) a WLAN IP of 10.10.6.100.

When Computer2 attempts to connect to Computer1 in Windows Explorer via "\\Computer1", an error message is thrown that states:

Windows cannot find \\Computer1. Check the spelling and try again, or try searching for the item by clicking the Start button and then clicking Search.

The error occurs because the Windows Firewall on Computer2 is blocking NetBIOS. Since the firewall is blocking NetBIOS, Computer2 is unable to receive the broadcast of Computer1’s name.

To resolve this problem we need to add an Exception to Computer2’s firewall.

  1. Click Start > Run, type “firewall.cpl”, then hit OK.
  2. Click the Exceptions tab
  3. Enable the checkbox for “File and Printer Sharing”

    The File and Printer Sharing service uses NetBIOS and, therefore, includes the NetBIOS ports (UDP 137, UDP 138, and TCP 139).
  4. Click “File and Printer Sharing” so that it is highlighted, then click the “Edit” button.
  5. The “Edit a Service” window displays the ports that you will be allowing through the firewall (TCP 139, TCP 445, UDP 137, and UDP 138). Notice, however, that the Scope is defined as “Subnet”. This means that the firewall will allow traffic for these ports only if the traffic is within the same subnet (i.e. the WLAN on 10.10.6.0). We need to change the scope to allow for the LAN on 10.10.7.0 as well.

    Continuing on…
  6. For each port in the “Edit a Service” window you will need to do the following…
  7. Select the service Name, then click the “Change scope…” button
  8. Click the “Custom list:” radio button, then enter 10.10.6.0/23.
    This syntax resolves to 10.10.6.0/255.255.254.0, which means that the minimum IP can be 10.10.6.1 and the maximum IP can be 10.10.7.254. In other words, we are configuring the service to allow traffic through the firewall for anything that lives on the WLAN and the LAN. If your subnets differ from this example, you may find the IP Calculator to be a helpful tool for figuring out what your custom scope is.
  9. Remember to do the above step for each port that is specified in the “Edit a Service” window.
  10. Close out of the firewall and try to connect to “Computer1” from “Computer2” by simply entering the “Computer1” name in the address bar of Windows Explorer. – Note: You may have to wait a minute or two for the broadcast from Computer1 to transmit to Computer2.

Keep in mind that if you would like to be able to connect to Computer2 from Computer1 via NetBIOS, you will probably need to add an exception to Computer1’s firewall as well.
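The custom scope from step 8 can be worked out in code instead of an IP calculator. This is an added example, not part of the original post: it finds the smallest single block covering a set of subnets and counts how many addresses that block admits beyond the subnets you meant to allow. The /24 masks on the page's two networks are an assumption, and the second subnet pair is constructed for contrast.

```python
import ipaddress

def covering_block(nets):
    """Smallest single CIDR block containing every network in nets."""
    block = nets[0]
    while not all(n.subnet_of(block) for n in nets):
        block = block.supernet()  # widen by one prefix bit and retry
    return block

def masked(net):
    """Render as address/netmask, the form the post shows for the /23."""
    return f"{net.network_address}/{net.netmask}"

def scope_report(subnets):
    nets = [ipaddress.ip_network(s) for s in subnets]
    exact = list(ipaddress.collapse_addresses(nets))  # merges adjacent blocks
    block = covering_block(nets)
    wanted = sum(n.num_addresses for n in exact)
    return {
        "single_block": block.with_prefixlen,
        "single_block_masked": masked(block),
        "first_host": str(block.network_address + 1),
        "last_host": str(block.broadcast_address - 1),
        # Addresses the single block lets through that are in neither subnet.
        "extra_addresses": block.num_addresses - wanted,
        # Comma-separated alternative that covers only the listed subnets.
        "exact_list": ",".join(masked(n) for n in exact),
    }

# The post's subnets; the /24 masks are assumed (the post gives only the network addresses).
PAGE = scope_report(["10.10.6.0/24", "10.10.7.0/24"])
# Constructed pair that does not share a /23 boundary.
OTHER = scope_report(["10.10.7.0/24", "10.10.8.0/24"])

if __name__ == "__main__":
    for name, report in (("page", PAGE), ("constructed", OTHER)):
        print(name)
        for key, value in report.items():
            print(f"  {key}: {value}")
```

For the post's networks the single block adds no extra addresses. For the constructed pair it opens the file-sharing ports to 3584 addresses outside the two subnets, so the comma-separated `exact_list` is the tighter custom scope there.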
