CORPORATE.NET

Sharing Files Over The Internet With Windows95

by Todd Tannenbaum


Peer-to-peer networking is a mainstay of small organizations, and can be a user-empowering time-saver for large, centrally managed environments as well. Nearly everyone is aware of Windows95's built-in peer-to-peer networking capabilities, which allow end users to easily share locally attached disks and printers with co-workers over the LAN. But far fewer people have realized that Windows95's peer-to-peer networking capabilities also can operate over the Internet.

No need to use FTP to transfer files via the Internet; just view files on a remote Windows95 machine directly from inside of Explorer, just as if you were viewing your local hard disk. Install software from a CD-ROM located across the country. Forget about the fax machine or MIME encoding documents into e-mail; just print directly through the Internet to a remote user's desktop printer. And here is the sweet part: All you need is Windows95 and connectivity to the Internet. There is no need to purchase additional software.

First Things First: Get On The Net

For starters, we'll assume that Windows95's TCP/IP has been configured and is properly talking on the Internet via a network adapter or dial-up. Make certain the Windows95 Service Pack 1 has been installed. The Service Pack patches several security holes, including a weak password cache-encryption scheme and a bug that could allow knowledgeable Unix users on the Internet to view your entire hard drive using SAMBA (more on SAMBA below). The Service Pack can be downloaded free via the Web from www.microsoft.com/windows/software/servpak1/sphome.htm. You should also consider installing post-Service Pack patches found at www.microsoft.com/windows/software/updates.htm.

Windows95 includes clients and servers (called "services" in Windows95) for both NetWare and Microsoft networks, among several others. But it can be difficult to know exactly what protocol is being used since Windows95 shrouds network details in "friendly" terminology. The included Windows95 Client Services for NetWare shares files using the NetWare Core Protocol (NCP) and can be bound on top of IPX/SPX, the typical setup for Novell NetWare. The Windows95 client services for Microsoft shares files via the Server Message Block (SMB) protocol. SMB also is used in Windows for Workgroups, Windows NT and OS/2. NetBIOS provides an application programmers interface between file application-layer services, in this case SMB, and lower-layer transport and network protocols. SMB can run on top of any NetBIOS-compliant transport protocol, and inside of Windows95 this means NetBEUI, IPX/SPX or TCP/IP.

How these NetBIOS requests get mapped into TCP/IP is detailed in RFC 1001/1002, and is commonly referred to as NetBIOS over TCP/IP (NBT). NBT is what we want to use over the Internet, and is supported in Windows95 by simply binding the included Client for Microsoft Networks and File and printer sharing for Microsoft Networks to TCP/IP.

Activate NBT in Win95

To fire up NBT in Windows95, choose the Network icon from the Control Panel. In the Configuration tab, verify that the Client for Microsoft Networks is present. If not, add it via the Add... button. If the Client for NetWare Networks component is present, no problem; the Microsoft and NetWare clients can coexist.

Verify that the File and printer sharing for Microsoft Networks is present. If not, add it. Unfortunately, Windows95 cannot support these Microsoft and NetWare services at the same time. If you currently have File and printer sharing for NetWare Networks installed, remove it and add Microsoft's. Removal of this service will not prevent access to NetWare servers. But it will prevent others from accessing your local hard disk/printer peer-to-peer via Novell protocols.

Now double click the TCP/IP protocol entry, which you should already have present, select the Bindings tab, and make certain that both the Client and File and printer sharing for Microsoft Networks are bound. Note that you may have to check more than one TCP/IP protocol entry, for example, one for a network card and/or one for a modem. Still from within the Network dialog, click on the Identification tab and refer to the figure on page 116.

The third tab in the Network dialog box, the Access Control tab, selects between Share-level and User-level security. Share-level security protects resources on your computer, such as directories or printers, with passwords of your own choosing. User-level security allows you to specify who can access what resources through a login name. Windows95 then verifies an incoming login name/password combination against an external server, typically a NetWare or NT server.

Finally, to activate peer-to-peer services, click on the File and print sharing button on the bottom half of the Network dialog, and check the resulting boxes to enable sharing. If you access the Internet via dial-up, see the figure to the right for additional settings.

Solving NetBIOS Name Resolving

At this point, there is just one obstacle left: NetBIOS name resolution. To access any machine on the Internet, an IP address is required. Normally, traditional Internet Winsock-based applications such as Web browsers, FTP and Telnet clients, utilize a Domain Name Server (DNS) to translate names, such as a Fully Qualified Domain Name (FQDN) like www.networkcomputing.com, into an IP address like 198.80.26.187. Similarly, NBT needs a method to translate a remote machine's NetBIOS name into an IP address. Note that, unlike Winsock apps, you cannot file-share in Windows95 by identifying remote resources with an IP address or a FQDN (although this is changing in NT 4.0); you MUST use the NetBIOS name.

In a LAN situation, this NetBIOS-to-IP address translation normally would be handled via a network broadcast. But broadcasting onto the Internet is not an option, since the broadcast would not make it through the first router encountered. Windows95 will attempt to resolve the name via DNS, but will succeed only if the name can be found in a default DNS zone; for example, the name need not be fully qualified.

Windows95 provides two extra methods for NetBIOS name resolution: LMHOSTS and WINS. Windows95 tries all four methods in succession when translating a NetBIOS name to an IP address. The order in which these methods are tried can be controlled via entries in the Windows95 registry.

LMHOSTS

LMHOSTS is a simple text file that contains an IP address followed by a NetBIOS name, similar to a traditional HOSTS file. It is reasonable to use an LMHOSTS file when dealing with a limited number of hosts using static IP addresses. There is a sample LMHOSTS file in Windows95, in the file \WINDOWS\LMHOSTS.SAM, which documents the simple syntax plus some options. To use, simply create a file \WINDOWS\LMHOSTS (note there is no filename extension), and type in your entries. For starters, type the following line into \WINDOWS\LMHOSTS: 198.105.232.1 FTP #PRE.

This is the address and NetBIOS name of the machine performing Microsoft's anonymous FTP service on the Net. The optional #PRE instructs Windows95 to load this address into a cache to avoid reparsing LMHOSTS whenever the address for FTP is needed. You can find out the IP address of a given machine by running the \WINDOWS\WINIPCFG.EXE utility on that machine. After making edits in LMHOSTS, run the command NBTSTAT -R to reload this name cache. Note that, unlike aliases in a HOSTS file, the NetBIOS name listed in your LMHOSTS file (in this case, FTP) must match exactly the true NetBIOS host name of the remote machine. In other words, you must call this machine FTP; you cannot decide to name it MicrosoftFTP, for instance, and successfully establish a connection.

An LMHOSTS file can be centrally maintained via the spiffy #INCLUDE directive, which permits the inclusion of all LMHOSTS entries on another remote Windows95 or NT machine. But using LMHOSTS to reach machines with dynamic IP addresses is a pain, and more machines are using dynamic IP addresses due to the increasing popularity of DHCP and BOOTP. Furthermore, most dial-up users receive a different IP address nearly every time they connect.
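An added example, not part of the original article: a small Python parser that audits LMHOSTS-style text, since these entries decide which IP address a NetBIOS name (and the share password sent to it) ends up at. The sample file is constructed apart from the article's FTP line; #DOM: is a standard LMHOSTS keyword the article does not mention, and the 15-character check is the NetBIOS computer-name limit.

```python
import ipaddress

# Constructed sample; only the FTP line comes from the article.
SAMPLE_LMHOSTS = r"""
# branch office hosts (constructed)
198.105.232.1   FTP           #PRE
10.0.0.5        fileserver01  #PRE #DOM:SALES
10.0.0.300      BADIP
10.0.0.6        THISNAMEISWAYTOOLONG
#INCLUDE \\ADMIN01\PUBLIC\LMHOSTS
"""

def parse_lmhosts(text):
    """Return (entries, includes, problems) for LMHOSTS-style text."""
    entries, includes, problems = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue
        if fields[0].upper() == "#INCLUDE":
            # Entries are pulled from another machine: record the path for review.
            includes.append(fields[1] if len(fields) > 1 else "")
            continue
        if fields[0].startswith("#"):
            continue  # comment, or a directive this example does not handle
        if len(fields) < 2:
            problems.append((lineno, "missing NetBIOS name"))
            continue
        addr, name = fields[0], fields[1]
        try:
            ipaddress.IPv4Address(addr)
        except ValueError:
            problems.append((lineno, "invalid IPv4 address"))
            continue
        if len(name) > 15:
            problems.append((lineno, "NetBIOS name longer than 15 characters"))
            continue
        preload, domain = False, None
        for tok in fields[2:]:
            if tok.upper() == "#PRE":
                preload = True
            elif tok.upper().startswith("#DOM:"):
                domain = tok[5:]
            elif tok.startswith("#"):
                break  # the rest of the line is a comment
        entries.append({"ip": addr, "name": name.upper(),
                        "preload": preload, "domain": domain})
    return entries, includes, problems
```

Any path returned in the includes list deserves the same scrutiny as the local file, because its entries are trusted exactly as if they had been typed in locally.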

WINS

Windows Internet Naming Service (WINS) is Microsoft's solution to resolving NetBIOS names in a dynamic IP-address environment. WINS-aware clients, such as Windows95, automatically register their own NetBIOS name and IP address with the centralized WINS whenever the NBT stack is started. This client self-registration allows the WINS database to remain accurate in the face of dynamically changing IP addresses. Whenever clients need to resolve a NetBIOS name to an IP address, they simply ask the WINS server using directed IP packets; no more broadcasting required. Compared with LMHOSTS, there is no need to manually update any files.

To configure Windows95 to query a WINS server for IP address lookups, go to Control Panel, Network, double click on a TCP/IP protocol entry to see the properties, and select the WINS Configuration tab. Here, enter the IP address of a machine hosting a WINS server. The Secondary Server will act as a backup to the Primary in case of failure. If you dial up to the Internet, note that each dial-up profile can have unique WINS server addresses.

Although there is a WINS client, there is no WINS server included in Windows95. A WINS server normally runs as a service on a Windows NT Server. If your organization runs NT Server on the network, this is your best option. But if your servers are all Novell or Unix, there are still several options for accessing a WINS server.

Check with your Internet Service Provider (ISP) to see if it provides one. Alternatively, if you have a Unix server, consider downloading SAMBA from ake.canberra.edu.au/pub/samba/samba.html. SAMBA is a fantastic, freely available package that enables a Unix box to act as an SMB file server using NBT, just like Windows95 and Windows NT. Unlike Windows95, however, SAMBA provides a demon named "nmbd" that can act as a basic WINS server.

Another option is to check out a company called Winserve (www.winserve.com). Winserve offers a number of Internet-based Windows network services. One of these is a generous, freely accessible "public" WINS server.

To use it, enter 204.118.34.6 and 204.118.34.11 as the primary and secondary addresses on the WINS Configuration tab.

With WINS configured, you will always have current NetBIOS-name-to-IP-address resolution, but you will only be able to resolve names which the WINS server knows about; for example, the names of other machines that use the same WINS server.

Start Sharing!

Your Win95 system is ready to share over the Internet. Accessing remote files and/or mapping drives is accomplished in exactly the same way as sharing files over a local peer-to-peer system (with the exception of browsing, which we'll address in a moment).

Just click on Start, choose Run..., and enter a Universal Naming Convention (UNC) name. If you entered the sample line above, which points to Microsoft's FTP site, in your LMHOSTS, entering \\FTP\data in the Run box should open an Explorer window containing the files available at Microsoft. Or run \\FTP alone to view a list of all the available exported shares.

To allow others to access your local files or printers, simply right-click on a folder or printer in the Explorer and select Sharing to assign a sharename for the resource. Tip: appending a $ to the end of the sharename makes it hidden; the sharename will not appear to remote hosts on the list of shares or via browsing, yet can be accessed by users who know the explicit sharename. Be certain to assign a password if using Share-level security; Share-level security may be your only option if, for example, you are dialing into an IP-only ISP and company accounts are maintained on NetWare. Finally, you can run \WINDOWS\NETWATCH.EXE to view/manage who is connected.

Browsing Via The Network Neighborhood

Workgroup browsing does not work across subnets. But if your organization is using Windows NT Servers, you can browse remote Microsoft network domains via the Internet under certain configurations. Be aware that the domains we are talking about are Windows NT network domains, which have nothing to do with DNS domains.

A domain master browser, which is typically an NT box acting as the primary domain controller (PDC) for a given domain, functions as a central manager to exchange lists of all visible network resources with master browsers in the same domain located on remote subnets. This mechanism can activate browsing over the Internet.

To do so, first enable WINS (as described previously) to a WINS server aware of a given domain's PDC. Next, set the Workgroup name on the Win95 machine equal to that of the domain name. For Win95 WINS clients, if the Workgroup name is the same as one of the domain names in the network, the Workgroup name automatically becomes a member of that domain. Finally, in the Properties for File and printer sharing for Microsoft Networks window, set the Browse Master property value to Enabled to ensure that the master domain browser sends your machine the updates.

What About Security?

Security risks always increase when sending packets over the Internet. But, consider that when file sharing over the Internet with Win95, access passwords are encrypted. This is more than can be said about common alternatives to transferring data via the Internet, as FTP and Telnet typically pass passwords in the clear. If you wish to use the techniques described here to run NBT over a company WAN firewalled from the Internet, configure your firewall or router to block UDP traffic on ports 137 and 138, and TCP traffic on port 139.
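An added example, not from the original article: a Python check that flags flow records on the three NBT ports named above and, for UDP 137, decodes which NetBIOS name was being queried, as a way to confirm the perimeter block is holding. It goes beyond the text by using the first-level name encoding from RFC 1001; the flow-record tuple format and the sample traffic are constructed assumptions.

```python
import struct

# Ports the article says to block at the perimeter.
NBT_PORTS = {("udp", 137): "name service", ("udp", 138): "datagram service",
             ("tcp", 139): "session service"}

def encode_name(name, suffix=0x20):
    """RFC 1001 first-level encoding: pad to 15 chars, add suffix, 2 letters per byte."""
    raw = name.upper().ljust(15).encode("ascii")[:15] + bytes([suffix])
    return bytes(c for b in raw for c in (0x41 + (b >> 4), 0x41 + (b & 0x0F)))

def decode_query_name(payload):
    """Return (name, suffix) from a name-service question, or None if malformed."""
    if len(payload) < 12 + 34 or payload[12] != 0x20:
        return None  # too short, or the label is not the fixed 32-byte length
    enc = payload[13:45]
    if any(not 0x41 <= c <= 0x50 for c in enc):
        return None  # encoded names only use the letters A..P
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(), raw[15]

def audit(flows):
    """flows: iterable of (proto, dst_port, payload). Return findings for NBT traffic."""
    findings = []
    for proto, port, payload in flows:
        key = (proto.lower(), port)
        service = NBT_PORTS.get(key)
        if service is None:
            continue
        name = decode_query_name(payload) if key == ("udp", 137) else None
        findings.append((proto, port, service, name))
    return findings

# Constructed sample traffic: a name query for the article's FTP host,
# an unrelated web request, and a session-service connection attempt.
_query = (struct.pack(">6H", 0x1234, 0x0100, 1, 0, 0, 0) + b"\x20"
          + encode_name("FTP") + b"\x00" + struct.pack(">2H", 0x0020, 0x0001))
SAMPLE_FLOWS = [("udp", 137, _query), ("tcp", 80, b"GET / HTTP/1.0\r\n\r\n"),
                ("tcp", 139, b"")]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```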

Todd Tannenbaum can be reached at ttannenbaum@nwc.com.


Updated August 8, 1996