A few ports need to be open through firewalls for file sharing to work. These are the ports needed for Microsoft file sharing:
- UDP ports 135 – 139
- TCP 135 – 139
- TCP and UDP 445
What does that mean in practice? In which direction do the file sharing ports need to be open?
If you are connecting from computer A to file server B to open files on the server, UDP ports 135-139 and 445 and TCP ports 135-139 and 445 need to be open from A toward the destination, file server B.
To show this in a real-world setup, assign computer A the IP address 10.10.10.10 and give the firewall the inside address 10.10.10.1. The firewall has the outside address 192.168.20.1 and the file server has the IP address 192.168.20.10.
To open the ports on the firewall, you would add entries to the access list on the inside of the network. The access list would read something like this:
Permit computer to talk to destination file server on file server ports.
Translated to a Cisco access list for file sharing, it would read like this:
access-list inside permit udp host 10.10.10.10 host 192.168.20.10 range 135 139
access-list inside permit tcp host 10.10.10.10 host 192.168.20.10 range 135 139
access-list inside permit udp host 10.10.10.10 host 192.168.20.10 eq 445
access-list inside permit tcp host 10.10.10.10 host 192.168.20.10 eq 445
This does not fully solve the problem of opening file shares. To use file sharing on Microsoft networks you need to authenticate so that you are allowed in. Without authentication, file sharing will not work. So make sure you permit the authentication ports as well if you are using Active Directory:
- TCP/UDP 88, 389, 464 – Kerberos, LDAP
- TCP 636 – LDAP
- TCP 3268-3269 – LDAP GC
- UDP 53, 123 – DNS, NTP
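An added example, not from the original article: a small Python check that parses the access-list lines above and reports which of the listed ports are still not permitted for a given source and destination. The domain controller address 192.168.20.11 and all function names are assumptions made for the illustration; the article does not say where Active Directory runs.

```python
import re

# The four access-list lines from the article (computer A -> file server B).
ACL = """\
access-list inside permit udp host 10.10.10.10 host 192.168.20.10 range 135 139
access-list inside permit tcp host 10.10.10.10 host 192.168.20.10 range 135 139
access-list inside permit udp host 10.10.10.10 host 192.168.20.10 eq 445
access-list inside permit tcp host 10.10.10.10 host 192.168.20.10 eq 445
"""
HOST_A, FILE_SERVER = "10.10.10.10", "192.168.20.10"
DC = "192.168.20.11"  # assumed domain controller address, not given in the article

# Port lists exactly as the article gives them.
FILE_SHARING = {"tcp": [135, 136, 137, 138, 139, 445],
                "udp": [135, 136, 137, 138, 139, 445]}
AD_AUTH = {"tcp": [88, 389, 464, 636, 3268, 3269], "udp": [88, 389, 464, 53, 123]}

RULE = re.compile(r"access-list\s+\S+\s+(permit|deny)\s+(tcp|udp)\s+host\s+(\S+)"
                  r"\s+host\s+(\S+)\s+(?:eq\s+(\d+)|range\s+(\d+)\s+(\d+))\s*$")

def parse_acl(text):
    """Parse host-to-host 'eq'/'range' entries into (action, proto, src, dst, lo, hi)."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unsupported access-list line: {line!r}")
        action, proto, src, dst, eq, lo, hi = m.groups()
        lo, hi = (int(eq), int(eq)) if eq else (int(lo), int(hi))
        if lo > hi:
            raise ValueError(f"inverted port range: {line!r}")
        rules.append((action, proto, src, dst, lo, hi))
    return rules

def is_permitted(rules, proto, src, dst, port):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, r_proto, r_src, r_dst, lo, hi in rules:
        if (r_proto, r_src, r_dst) == (proto, src, dst) and lo <= port <= hi:
            return action == "permit"
    return False

def missing_ports(rules, src, dst, required):
    """Return, per protocol, the required ports the access list does not permit."""
    return {proto: [p for p in ports if not is_permitted(rules, proto, src, dst, p)]
            for proto, ports in required.items()}

if __name__ == "__main__":
    rules = parse_acl(ACL)
    print("file sharing gaps:", missing_ports(rules, HOST_A, FILE_SERVER, FILE_SHARING))
    print("AD auth gaps:     ", missing_ports(rules, HOST_A, DC, AD_AUTH))
```

Run against the four rules above, the file sharing ports come back fully covered, while every Active Directory port toward the assumed domain controller is reported missing until matching permit lines are added.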
Good luck :)