Mark Minasi's Tech Forum
wobble_wobble

Associate Troublemaker Apprentice
Posts: 740
#1
So back in Sept Azure released the Azure File Service.
I asked could it be used over the internet i.e. have an on premise client/server access and was told no by a MS Technical person.

So on Tuesday I was at a presentation and again MS said Azure File share, in Azure accessible over the internet.

So my colleague and I both look at each other and go...nope don't work.
And we tried it and it didn't work.

So I queried the presenter and he said, no it works, but you need Port 445 allowed to Microsoft Azure.
See here - https://azure.microsoft.com/en-us/blog/azure-file-storage-now-generally-available/

So I tried again, but I'm thinking most ISPs block 445, unless you have it inside a VPN.

So I reconfigure my Firewall - tried it - nope.
Plugged my laptop directly into the internet - tried it - nope.

Tried Netmon to monitor, traffic is all out, not seeing any returned traffic.
Tried Portquery and PSPing

I'm not near the limits of my knowledge....how do I test where 445 is blocked, without having a mirror port hit back at me?



__________________
Have you tried turning it off and walking away? The next person can fix it!

0
wkasdo

Administrator
Posts: 177
#2
> Plugged my laptop directly into the internet

So you plugged in to the NY internet exchange or something [smile]

Seriously, how would you know that your ISP is not blocking 445/tcp? It may be true that you can connect from the internet (meaning non-Azure ranges), but if it requires 445 it is a completely useless feature.

That issue aside, what were you intending to use it for?

__________________
[MSFT]; Blog: https://blogs.technet.microsoft.com/389thoughts/
0
wobble_wobble

Associate Troublemaker Apprentice
Posts: 740
#3
Not quite NY....Dublin

It was one of those he said she said things.
Several months ago a Sales Rep sold some Azure file storage with no guests/services to a customer to enable them to use some cheap storage.
We said it couldn't be done.
He sold the item as someone at some sales/marketing event he was at said you could do it.
We investigated and couldn't. Asked a MS tech person and he said no can't be done.
Many heated discussions later sold customer a different solution.
So Tuesday a MS product manager at the Azure Cloud Roadshow said it again "you can access Azure file share from an on premise client/server as a file share"
So I queried him by email and was told yes....referenced the link above or similar (full URL was clipped but MS poster was mentioned)
So we tried it again.
And it did not work.
So I asked a few proper network guys about ISPs blocking 445 and they all said no, but use nmap or similar to track from A to B.
I'm 5 hops from the MS handover so UPC/ Virgin are not back hauling it somewhere interesting.

Reasons... pure curiosity. I personally think it's being blocked at the MS Edge, but would like to know how to test and the actual answer.

__________________
Have you tried turning it off and walking away? The next person can fix it!

0
wobble_wobble

Associate Troublemaker Apprentice
Posts: 740
#4
Seems I can scan 3389 with Nmap to an Azure Guest that I own and know is open and I get an open port.
If I try port 445, I get filtered.

Not a lot more info.

Wonder can I do the little Dutch boy and plug my laptop into the Internet pipe outside the Dublin Data Center and see if I can connect.
(No pun intended on the tiny joke)


__________________
Have you tried turning it off and walking away? The next person can fix it!

0
Infradeploy

Senior Member
Posts: 165
#5
It wasn't a finger...
__________________
Have SpaceSuit, Will Travel

0
wobble_wobble

Associate Troublemaker Apprentice
Posts: 740
#6
His head...


(You started this)

__________________
Have you tried turning it off and walking away? The next person can fix it!

0
ukinahan

New Friend (or an Old Friend who Built a New Account)
Posts: 19
#7
You should be able to map right to it, once you have confirmed that the firewall is not an issue, using:
net use <Letter>: \\<service name>.file.core.windows.net\<shared folder> /u:<storage account name> <primary access key>

e.g. (obviously the string is bogus [smile])
net use J: \\fileshares.file.core.windows.net\files /u:fileshares PuA+tQuaaKF3pz07feP07IuFr32MUjlG83s42vkERe1MkWn/XrsAPywyF0jxUPJDmP1ZRbXoRiWrpYejUFSi/g==
0
donoli

Senior Member
Posts: 459
#8
More simply, if I run \\192.168.1.6 my shares on the local box will appear. Port 445 replaced port 139 somewhere along the line as the file sharing port. If I do the same using my external IP address, I'll see an error: "the network path cannot be found". Chances are it's due to port 445 not being forwarded to any local machine on the network, not so much because the ISP blocked it. However, it will show me the shares or at least take me to a login prompt, on a machine in the DMZ.

Instead of using a port scanner, I would use a domain scanner. That scans a Class C subnet, external or internal, for the port of your choice. I have Ostrosoft Tools. I don't know if it's still available. In the days of dial-up, one could read the shares on any remote machine that had file sharing enabled since there were no routers blocking the port. Although I've seen printers in the DMZ (dumb) there aren't many machines in the DMZ with file sharing enabled. nbtscan.exe will scan for them.
0
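Added example, not part of any post in this thread: a Python connect test that reports the open/closed/filtered distinction seen with nmap in post #4 and compares port 445 against a control port on the same host. The function names and the default control port of 443 are assumptions of this example, not something stated in the thread.

```python
import errno
import socket
import sys

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt using nmap's state names."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        return "closed"          # a RST came back, so the SYN was not dropped
    except socket.timeout:
        return "filtered"        # SYN went out, nothing came back
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"    # a router answered with ICMP unreachable
        raise                    # DNS failure etc. is a different problem

def interpret(smb_state, control_state):
    """Combine the 445 result with the control-port result into a finding."""
    if smb_state == "open":
        return "445 reachable: the TCP path is fine, any net use failure is above the transport"
    if smb_state == "closed":
        return "445 refused: a RST came back, so the far end or a rejecting firewall answered"
    if control_state in ("open", "closed"):
        return "445 dropped in transit: the host answers on the control port but 445 gets no reply"
    return "inconclusive: the control port got no reply either, so check routing and the host first"

def diagnose(host, smb_port=445, control_port=443, timeout=3.0):
    # control_port=443 is an assumption: any port known to be open on the
    # same host works (post #4 used 3389 on an Azure guest).
    smb = probe(host, smb_port, timeout)
    control = probe(host, control_port, timeout)
    return smb, control, interpret(smb, control)

if __name__ == "__main__":
    # Usage: python probe445.py <service name>.file.core.windows.net
    print(diagnose(sys.argv[1]))
```

A "dropped in transit" result from one vantage point does not say which hop drops the traffic. Running the same test from a second network with a different upstream separates a local or ISP filter from one at the remote edge.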