On a multi-user machine different users can open different shares and due to the intricacies of SMB connections the GI cannot reliably convey information about these so it's not done. Even this is not true, as the machine itself (using network service builtin) could open SMB connections to shares for whatever use. On a single concurrent user machine one can safely assume that the logged in principal also opens the SMB connections. I assume that SMB connections are mediated by the NT kernel and hence they are not plain application sockets such as SQL (TCP 1433) or HTTPS (TCP 443) or whatever plain user space processes open. Just an educated guess: in a multi-session environment (RDSH) NSX Network Guest Introspection filter ( an optional component of VMware Tools) cannot provide the identity of the initiator of an SMB connection without doubt, so it doesn't make assumptions either. I also use VMware Tools to get Logged on Users, like in the VMware Labs and not AD Log Scraper.Īnyone have an idea or is this a Bug like it looks like for me? VMware Tools, I have tested multiple Version of v11 and v12, is always the same. My NSX-T Version is identical with the Vmware Labs “3.”. ![]() Vmware Writes that all TCP and UDP Ports will work with IDFW on RDSH, ony ![]() ![]() I don't know if there are more ports that don't work from an RDSH, I have only tested these three ports so far. Result: RDP is blocked as on the firewall configured, but SMB is not, this is now still accessible Source VM: user-vm-01 (RDSH role installed) Results: SMB and RDP is blocked as configured in the firewallĮxample 2 (Identical to setup above, simply installed with RDSH role on source VM: Source VM: user-vm-01 (Without RDSH role) The problem is not only in my environment, I can recreate this in the VMware LABS (NSX-T Security: ), by cloning the Windows VM "user-vm-01" available there, creating an SMB share on the clone and create the following Firewall Rule (Where Destination “rds” is my new cloned Windows VM): As soon as the RDSH role is uninstalled again, it works again. However, as soon as I install the RDSH role on the same VM, only "RDP" and "SQL" of these three ports still work, the SMB port 445 then no longer works. As long as I don't have an RDSH role installed on the source VM, the IDFW rules worked with the tested ports (RDP, SQL, SMB). ![]() create a self signed cert to use HTTPS with multiples CN and IPīut after 2nd step I have only two files generated: rootCA.key and rootCA.pem and I am unable to add these files to Chrome (not supported format).įinally, question about port forwarding.I am currently testing IDFW and having problems with SMB access, when the RDSH role is installed on the source VM.īasically, IDFW works with other ports that I have tested (so far only tested RDP, SQL successful), but it simply does not want to work with the SMB port. I was trying to create certyficate manually using below guide: Certificate was created as it was described in above link and it is selected in FTP / SSL/TLS tab (option "Enable SSL/TLS connections" and "No session reuse required") and I am able to connect with my OMV via ftp but when connecting with OMV control panel - connection is not set as unsafe. Noob Guide to Enabling FTP Server and Using Filezilla Client (Remote Use)Īnd after configuring I have found another problem with SSL certificate. There is also port forwarding for passive ports 14100:14110 - option Passive FTP is on (I does not know is this is required).Ībout the FTP and outside connections - I was using below manuals: Internal IP address: my OMV IP address defined in router DHCP settings
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |