Few days ago I got a new fiber glass internet connection here which works perfectly.
Together with the new connection type I also got a new free router from my local internet provider: an AVM Fritz!Box 7570 VDSL.
First of all I want to say that this is really a great product: it has a build-in VDSL modem, but also VoIP telecommunication ports (analog and ISDN), provides WLAN and even DECT for connecting your mobile phones.
I just had one problem: after this new router was up and running from within my network I could not access our web service operating on port 445 anymore. Thus no outgoing connection on port 445 was possible anymore.
Therefore I went to check the router settings, but could not find any option or at least a note about this port blocking. But searching the web afterwards turned out that I was not the only guy struggling with this issue.
Of course, port 445, the same as also the other mentioned ports 135 and 137, are normally reserved for NetBIOS respectively SMB communications which really would be a security issue if such services would be used outside of a secure local network. But anyway, even if a port number is normally used for a specific service, everybody is free to use it in a different way like us: We are using ports 444 and 445 for operating some internal SSL webpages as the default port 443 is already in use.
As I’m not the only one in my company using this internal SSL webpages and I definitely didn’t want to change our port usage just because of a new router, I needed to find a way to convince my Fritz!Box to allow outgoing connections on port 445.
After doing some research, I finally came up with following solution. Here is a step-by-step guide to get outgoing connections on ports 135, 137 and 445 working with an AVM Fritz!Box:
- save the settings of your Fritz!Box to a file (menu “System” / “Save Settings”).
- open this file with a simple text editor.
- replace all occurrences of
filter_netbios = yes;with
filter_netbios = no;. (If you have an older Fritz!Box model, the name of this config entry may be a little bit different. In this case just search for “netbios” and you should be able to find it easily.)
- add a new line
NoChecks=yessomewhere on the top of the config file (I added it below the line starting with
Language=). Without this line import won’t work, because the Fritz!Box would reject to load a manually changed config file.
- finally restore the setting by using your changed config file.
That’s it! After your changed config file is loaded, the Fritz!Box will reboot and now outgoing traffic on ports 135, 137 and 445 works fine again.
Of course, I understand that it is useful to block ports with a potential security risk by default, but I absolutely don’t understand why AVM does not provide a way (somewhere in the advanced settings) to change this from within their user interface. A router should never patronize a user: if the user wants to use a specific port for whatever reason, this has to be possible with every router!
Does your router also block some ports without being asked for?
This post is also available in Deutsch.