SECTION L - NetBIOS
Can CEQURUX Firewall/VPN be used to gateway NetBIOS? How secure is this?
Yes, CEQURUX Firewall/VPN will gateway NetBIOS if you configure it to do so.
No address translation or any other modifications are made to the packets,
so the external hosts will need to be able to route to the internal
hosts. Should you choose to do this, we advise you to only do it
between internal hosts and hosts on the external leg, and recommend
that you block all NetBIOS traffic at your router.
You can add gateway packet filters to help constrain which hosts can
do this gatewaying, if the normal mechanisms are insufficient.
How do I map a network drive to a shared resource on a Windows NT server that is behind a CEQURUX Firewall if I am on the outside of the Firewall?
- Firstly, set up the relevant permission on the NT server that you wish to access.
- Log in to the client machine as the same user that has the permission on the NT server.
- Edit the lmhosts file on the client machine (usually in c:\windows\) and add a line as follows:
aa.bb.cc.dd SERVERNAME #PRE
(Where aa.bb.cc.dd is the Firewall's external IP address and SERVERNAME is the NetBIOS name of the NT server)
NOTE: Legal characters are A to Z, a to z or 0 to 9
If the file does not exist, copy it from the lmhosts.SAM sample file.
- Now edit the lmhosts file on the NT server machine (usually in c:\WINNT\system32\drivers\etc) and add a line as follows:
aa.bb.cc.dd CLIENTNAME #PRE
(Where aa.bb.cc.dd is the Firewall's internal IP address and CLIENTNAME is the NetBIOS name of the Windows client machine)
NOTE: Legal characters are A to Z, a to z or 0 to 9
If the file does not exist, copy it from the lmhosts.SAM sample file.
- On both Windows machines, run nbtstat -R to flush and reload the LMHOSTS cache.
You may also wish to run nbtstat -c to check that the entries are correct.
- On the Firewall, open up a TCP Relay to the NT server from the outside for the NetBIOS service TCP139 as follows:
Using fwadmin, navigate to:
Other keys->Setup->Access control->Services->TCP Proxies
Using remadmin, navigate to:
Access (radio button)->TCP Proxies
Now append/insert the service 139 and set the Relay to Host field to the NT server's IP address.
You may also wish to set the source address restriction and/or an authentication method.
- On the Windows client machine, there are two methods to map a network drive to the shared resource, namely using Windows Explorer or the DOS command line tool net use.
Using explorer, click on Tools and then Map Network Drive. Select a drive letter to use and type in the path to the shared resource as follows:
\\SERVERNAME\sharedresource
NOTE: NetBIOS names are CASE-SENSITIVE. Type them exactly as they are set up elsewhere.
You should now be prompted for your password (as set on the NT server) and upon typing that correctly, the drive should be mapped.
Using net use, open a DOS prompt and type the following:
net use * \\SERVERNAME\sharedresource ?
NOTE: NetBIOS names are CASE-SENSITIVE. Type them exactly as they are set up elsewhere.
You should now be prompted for your password (as set on the NT server) and upon typing that correctly, the drive should be mapped.
You may replace the * with your choice of drive letter to map; the * tells net use to pick the next available letter.
For more net use options, type net help use | more
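The following added example, which is not part of the original FAQ or of the CEQURUX product, checks an lmhosts file against the rules in the steps above before nbtstat -R is run: a valid IPv4 address, a name using only the legal characters, the #PRE tag, and an entry that points at the expected Firewall address. The function name check_lmhosts, the 15-character name limit and the 192.0.2.x sample addresses are assumptions made for the example.

```python
import ipaddress
import re

# Name rule as stated in this FAQ (A-Z, a-z, 0-9). The 15-character limit is
# the usual NetBIOS name length and is an assumption added for this example.
NAME_RE = re.compile(r"[A-Za-z0-9]{1,15}")

def check_lmhosts(text, expected):
    """Return a list of problems found in the LMHOSTS content `text`.

    `expected` maps NetBIOS name -> the address its entry must point at
    (the Firewall's external address on the client, internal on the server).
    """
    problems, seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line, comment or directive
        fields = line.split()
        if len(fields) < 2:
            problems.append(f"line {lineno}: expected 'address NAME #PRE'")
            continue
        addr, name, tags = fields[0], fields[1], fields[2:]
        try:
            ipaddress.IPv4Address(addr)
        except ValueError:
            problems.append(f"line {lineno}: bad IPv4 address {addr!r}")
            continue
        if not NAME_RE.fullmatch(name):
            problems.append(f"line {lineno}: illegal NetBIOS name {name!r}")
            continue
        if "#PRE" not in tags:
            problems.append(f"line {lineno}: {name} lacks #PRE (not preloaded)")
        seen[name] = addr
    # Names are compared exactly as typed, following this FAQ's note.
    for name, addr in expected.items():
        if name not in seen:
            problems.append(f"{name}: no usable entry with this exact spelling")
        elif seen[name] != addr:
            problems.append(f"{name}: points at {seen[name]}, expected {addr}")
    return problems

# Constructed sample; 192.0.2.1 stands in for the Firewall's external address.
SAMPLE = """\
# client-side lmhosts
192.0.2.1   NTSERVER1   #PRE
192.0.2.1   file_srv    #PRE
192.0.2.300 BACKUP      #PRE
192.0.2.1   Archive
"""
WANT = {"NTSERVER1": "192.0.2.1", "ARCHIVE": "192.0.2.1"}
if __name__ == "__main__":
    print("\n".join(check_lmhosts(SAMPLE, WANT)))
```

An empty result means every expected name resolves to the Firewall address it should; any entry that points somewhere else is worth investigating before the share is mapped.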
The End.