Strange problem here ???. When I eventually logon, only half of my drive mappings are present. I can’t even connect to server which these drive mappings point to. Yet, if I un-install CFP, drive mappings are available and I can connect without problems. Previously, by deleting my global rules, I was able to access (even though not mapped) these servers. I’ve tried adding these servers as trusted but it doesn’t make any difference :(. Even disabling CFP3 doesn’t help. Any ideas?
First question, is there anything in your logs? Click Firewall → Firewall Events. If there’s anything there that doesn’t make sense, you can export the log, and post it here.
Thanks for the reply grue155 :). Unfortunately, I’ve un-installed CFP3 now as this problem (and other’s) were affecting me using my laptop at work :'(. However, I’ve installed CFP3 on another laptop (my own) and is working fine. Regarding the logs, I was just seeing blocked access to ports 137 and 138 (not 445).
Regarding the logs, I was just seeing blocked access to ports 137 and 138 (not 445).
That's it, right there. Ports 137 and 138 are used by Windows shares to do the actual data transfer between machines on a LAN. Block those ports, and there's no sharing.
I thought that ports 139 (netbios-ssn) and 445 (microsoft-ds) were used for sharing. That said, I was still able to access other mapped drives (on other servers), which I thought was odd ???. Unfortunately, one of the mapped drives (or server) had our departments files on so I cound’t access these so had to remove CFP3 :'(.
I tried creating zones for the servers, adding rules for the servers and even disabling CFP3 itself (both firewall and D+) but nothing helped. Even though ports 137/138 were being blocked, I was still able to access all the servers before so I’m thinking that maybe an update to CFP3 caused the problem. I think for now, I will have to run my laptop without CFP3 which is a shame but thanks for help :).
The Microsoft protocols for shares are like spaghetti. Everything has to be in place, or nothing works properly. The ports 135, 137, 138, 139, and 445 all work together. Block one, and it starts getting strange. That’s just the ports. Then there is the question of LAN broadcast traffic, which is also necessary for Netbios and shares to work properly.
The very last address in a LAN IP address space is used for broadcast. That’s usually the x.x.x.255 address, though it can be configured to be different. In CFP, that means you need both the zone definitions for the LAN, and the ports set correctly. If not, then really strange. It seems that you somehow got into the networking equivalent of the Twilight Zone.