My work domain has direct access - i.e., not behind fireware/NAT etc.
My laptop at home sits behind a DSL router that does NAT, further more
it is not within the work domain. When I bring the laptop to work i
can access my files fine (without joining the domain), simply by
mapping a network drive with the IP numbers of the machines i want to
connect to.

I would like to do the same at home, where i am behind the router with
NAT.

I am running Windows XP Pro. Work is Windows 2000 server.
I am using the Netgear DSL router with uPnP, e.g., MSN video
conferencing works without problems.

---

Request for Question Clarification by sycophant-ga on 05 Mar 2003 04:20 PST

How much control do you have over the configuration of the network you
wish to access? Often in situations like this it is necessary to use a
VPN setup to allow this sort of traffic through a NAT setup.

Is the address range of the computer you are trying to connect to a
real-world IP, or a private network one (192.160.xxx.xxx or
10.xxx.xxx.xxx)?

Also, I am curious why you are not using a firewall? I used to build
and deploy firewalls, which we often configured for this very purpose.
They operated two-fold as protection as well as a VPN gateway. I
myself would be very hesitant to deploy any sensitive computer onto
the public internet without a firewall.

With the answers to my first two questions, I maybe able to suggest a
few options.

Regards,
sycophant-ga

---

Clarification of Question by ark5617-ga on 05 Mar 2003 16:57 PST

I have complete control over the software side but not the hardware,
since it's administered globally. I.e., I can install VPN/RAS but i
can't resegment network or change DHCP settings.

The address i am connecting to is a real-world address. I realised my
Router's smb ports are probably closed and i've tried to specifically
open them to no avail (i also thought uPnP should have done it for me
automatically).

I am very curious as to why i cannot just map the network drive and
have to resort to a VPN.

Don't start with the firewalls, if it was up to me we would be all
firewalled.

with regard to the comments posted. GoTOmyPC is really not what i am
looking for. If I want to I can always use Remote Desktop
functionality with WinXp to connect. I want to directly map the drive.

cheers
ark

Assumption:  The work environment consists of publicly addressed
computers behind a non-firewalling router.  The router does not route
SMB (ports 137-139) for security reasons (Most do not.) Thus inside
the workplace connections are simple, outside basically impossible. 
I'm also assuming that adding hardware or 3rd party software is not an
option.

In the interest of answering your question, I'll refrain from
soap-boxing about security, except where it directly affects the
answer.

Several possibilities immediately come to mind. Unfortunately all of
them require something to be seriously altered.  The simplest solution
would be to enable RAS on the Win2k server, and create a connection
from home to work via RAS.

RAS documentation from MS:
http://www.microsoft.com/windows2000/docs/cnctrmote.doc

That is probably the single easiest way to do it, if assumptions are
correct.

This is something that was mentioned by the other commmentor, but
would your work setup allow for the usage of third-party programs such
as GoToMyPC? (https://www.gotomypc.com/) Most work networks will not
allow the setup of such programs for security reasons, or sometimes
any programs at all without an admin password. (Try also
http://www.microsoft.com/windowsxp/remotedesktop/rdwebconn.asp)
Some work network setups already have systems in place for remote
access to allow for traveling business people, so if you haven't
talked to your network admin, you should ask him about this as well.
Depending on the system they use, it might only be limited to posting
orders and whatnot, and not actually accessing the files on your
computer. For more info on remote third-party software, and a question
that is similar to yours, click here:
http://www.experts-exchange.com/Networking/Q_20382913.html

Normally you don't want SMB accessible publicly.  It isn't a
particularly secure protocol.  Enabling SMB ports on the router MAY
allow a connection via WINS, but definitely will not allow the old
NETBEUI system.  The WINS system may work if you add your home public
ip to WINS, which will require you to forward (Masquerade, actually)
SMB over NAT.  In other words, it isn't totally impossible to do it
that way, but it does pose some difficult routing challenges.  In my
experience it is generally both much easier, and much more secure to
enable RAS/VPN than to connect SMB over the internet.

Note that if you go the VPN route you should be able to connect to one
computer, but have access to all on the network, as if you were in
fact on your work network.

You also need to know that some ISP's block SMB ports at their
gateways for one reason or another.