Ports for NAT'ed Windows share

Simple question: I have a NATed Linux at home that hosts a couple of samba shares. What Ports should I forward from the router to the Linux box so as to be able to access those shares from the internet with windows explorer (a la "\my.dyndns.org\shares\xxx" style)? I want the minimum number of port openings that I should do in the router config to have read/write functionality.

EDIT: Client machine is a Vista one

Solution 1:

• TCP 139, "NetBIOS Session" – SMB wrapped in NetBIOS for compatibility
• TCP 445, SMB – the preferred method, SMB directly over TCP
• ICMP Echo (Ping) – used by Windows to check whether the machine is up.

"NetBIOS Name Service" is TCP/UDP 137, and "NetBIOS Datagram" is UDP 138, but you do not need any of these to connect to shares. These days it is only necessary for "network browsing", which only works within a LAN anyway.

Solution 2:

445 for tcp

Contrary to the original answer here, there's no reason to allow 137-139 which should be blocked.

However, I strongly recommend you do not do this. I don't think leaving a samba share internet-accessible is a good idea.

Please please please set up a secure solution such as an ssh server, so that you can scp/sftp data back and forth.

P.s. http://support.microsoft.com/kb/832017 seems to be a good reference of ports required by windows servers and http://www.petri.co.il/whats_port_445_in_w2k_xp_2003.htm explains the above a little more in depth.