T0M3K n00b
Joined: 19 Mar 2004 Posts: 67 Location: Brooklyn, NY
|
Posted: Tue Jun 01, 2004 6:06 pm Post subject: Samba via Internet |
|
|
I got a Verizon DSL upload upgrade, so I want to use this upload for something.
My friend and I have lots of data, shared on individual networks by Samba. He has BSD, I have Gentoo. Is there a safe way to get a secure and fast connection between those servers? _________________ http://www.dslr.net/ |
|
nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
|
Posted: Tue Jun 01, 2004 6:09 pm Post subject: |
|
|
You may be able to tunnel the SMB connection over SSH (not quite sure which ports you need though), or you could set up some sort of VPN. |
|
T0M3K n00b
Joined: 19 Mar 2004 Posts: 67 Location: Brooklyn, NY
|
Posted: Tue Jun 01, 2004 9:17 pm Post subject: |
|
|
I think the port needed is 135 or 139, I always confuse both of them.
The SSH sounds like a good idea. Only one port open and it's secure.
I only wonder how to do it. |
|
davidblewett Apprentice
Joined: 15 Feb 2004 Posts: 274 Location: Indiana
|
Posted: Tue Jun 01, 2004 9:29 pm Post subject: |
|
|
Do a google search for SSH and Port Forwarding. Basically, you want to create the SSH tunnel to the other machine then forward all requests to a pre-determined local port to the other machine's Samba port. This way, all traffic from the local port and remote Samba port goes over the SSH tunnel. I use this method to securely transmit email over IMAP without having to configure imap-ssl or even allowing IMAP access to the outside world. You can also use Squid, and be able to surf the internet from anywhere with all the traffic going over the SSH tunnel. Effectively cuts out any monitoring of web traffic. _________________ No guilt in life, no fear in death
this is the power of Christ in me
From lifes first cry to final breath
Jesus commands my destiny
-- Newsboys, "In Christ Alone", "Adoration: The Worship Album" |
|
nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
|
Posted: Tue Jun 01, 2004 9:53 pm Post subject: |
|
|
http://hr.uoregon.edu/davidrl/samba.html#ssh
This example is to connect to a samba server from a windows client but I just tested it quickly from one samba machine to another and it works great.
First stop Samba on one machine then from that machine
ssh -L 139:localhost:139 ip.of.other.server
and you should be able to browse the shares on the other machine, be warned it's damn slow |
|
T0M3K n00b
Joined: 19 Mar 2004 Posts: 67 Location: Brooklyn, NY
|
Posted: Tue Jun 01, 2004 10:42 pm Post subject: Automate |
|
|
I want it to work in two ways, so both servers can share their own files in addition to those transported over SSH. But will there be a conflict if one SMB server is connected to another (via SSH), and will I still be able to share from both of them to my local LAN? |
|
shagrat Apprentice
Joined: 10 Mar 2003 Posts: 219 Location: Norway
|
Posted: Tue Jun 01, 2004 11:18 pm Post subject: |
|
|
I would say an FTP server would suit your needs better |
|
nobspangle Veteran
Joined: 23 Mar 2004 Posts: 1318 Location: Manchester, UK
|
Posted: Wed Jun 02, 2004 7:00 am Post subject: Re: Automate |
|
|
T0M3K wrote: | I want it to work in two ways, so both servers can share their own files in addition to those transported over SSH. But will there be a conflict if one SMB server is connected to another (via SSH), and will I still be able to share from both of them to my local LAN? |
This is tricky as samba and ssh will both be trying to listen to the same port. You could either get ssh to listen on a different port and use some kind of port translation to shift incoming traffic on 139 to the new port. Or you could set up some IP aliases and then make samba listen to one adaptor and ssh to another. |
|
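The address-splitting option from the reply above, as an added example that is not part of the thread: it prints, without running anything, the smb.conf lines that pin smbd to one address and the ssh forward bound to a second address on the same port. All addresses, the host name srv-b.example.net and the account tunnel are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Constructed values: LAN address
# 192.168.1.10 (smbd), alias 192.168.1.250 (ssh forward), peer
# tunnel@srv-b.example.net.

# Ports below 1024 can only be bound by root.
is_privileged() { [ "$1" -lt 1024 ]; }

# 127.0.0.0/8 is reachable only from the server itself.
is_loopback() { case "$1" in 127.*) return 0 ;; *) return 1 ;; esac; }

# args: samba_addr forward_addr. smbd (which also keeps 127.0.0.1, see
# smb_conf) and the forward can share a port only on different addresses.
conflicts() {
    [ "$1" = "$2" ] || [ "$2" = "127.0.0.1" ] ||
        [ "$1" = "0.0.0.0" ] || [ "$2" = "0.0.0.0" ]
}

# smb.conf [global] lines: smbd binds every address unless told otherwise.
# 127.0.0.1 stays listed because the peer's tunnel delivers to localhost:139.
smb_conf() {
    printf 'interfaces = %s 127.0.0.1\nbind interfaces only = yes\n' "$1"
}

# ssh -L with an explicit bind address; -N opens no remote shell.
tunnel_cmd() {  # args: bind_addr port user@peer
    printf 'ssh -N -o ExitOnForwardFailure=yes -L %s:%s:localhost:%s %s\n' \
        "$1" "$2" "$2" "$3"
}

# Print the configuration for review; nothing is executed.
plan() {  # args: samba_addr forward_addr port user@peer
    if conflicts "$1" "$2"; then
        echo "error: smbd ($1) and the forward ($2) both want port $3" >&2
        return 1
    fi
    smb_conf "$1"
    is_privileged "$3" && echo "# port $3 is privileged: start the tunnel as root"
    is_loopback "$2" ||
        echo "# $2 is LAN-reachable: any LAN host can reach the peer's smbd; keep Samba authentication on"
    tunnel_cmd "$2" "$3" "$4"
}

plan 192.168.1.10 192.168.1.250 139 tunnel@srv-b.example.net
```

The forward address must already exist on the server as an IP alias before the ssh command is started; on Linux any 127.x.y.z address works without an alias but is then usable only from the server itself.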
arut8ur n00b
Joined: 28 Jul 2003 Posts: 16
|
Posted: Wed Jun 02, 2004 3:12 pm Post subject: |
|
|
Maybe you can use the new port microsoft-ds 445/tcp.
Supported for Windows 2000 and Samba x.y.z.
The service on this port connects directly over the TCP stream,
NetBIOS over TCP in MS terminology.
This is better, because it is more connection oriented and does not need so many ports.
See the Samba documentation for more information. |
|
jbpros Tux's lil' helper
Joined: 05 May 2004 Posts: 133 Location: Brussels, Belgium
|
Posted: Wed Jun 02, 2004 3:33 pm Post subject: |
|
|
You may consider using a VPN as previously proposed. Two years ago I was using IPsec (freeswan) between three trusted LANs. It was working well but was not that easy to implement. Plus you have to consider that IPsec gateways will not see each other on the VPN (correct me if I'm wrong), thus you'll have to use one more box per LAN to handle the IPsec connection.
This solution maybe goes further than what you asked, but it allows a completely transparent implementation of samba and all other traffic between your LANs.
If some people have more recent ideas about VPN solutions I'm curious to read them. |
|
Fitzsimmons Guru
Joined: 01 Jan 2003 Posts: 415 Location: Waterloo, Ontario, Canada
|
Posted: Wed Jun 02, 2004 4:23 pm Post subject: |
|
|
shagrat wrote: | I would say an FTP server would suit your needs better |
I strongly agree. |
|
davidblewett Apprentice
Joined: 15 Feb 2004 Posts: 274 Location: Indiana
|
Posted: Wed Jun 02, 2004 4:35 pm Post subject: |
|
|
SSH can implement sFTP. You can use WinSCP in Windows to connect, or use scp in Linux. |
|
r.j.hall n00b
Joined: 06 Feb 2003 Posts: 53 Location: London
|
Posted: Wed Jun 02, 2004 5:21 pm Post subject: |
|
|
If you're both running Unix, just give each other an account on the box and use scp or sftp to transfer files. FTP is not secure and will transmit your passwords in cleartext. If you want to make your two networks connected for other things as well, look at the FreeS/WAN IPsec project for doing gateway-to-gateway encryption:
http://www.linuxsecurity.com/resource_files/cryptography/ipsec-howto/HOWTO.html
You could also look here:
http://www.freeswan.org/
although be aware that the FreeS/WAN project has stopped development. _________________ --- --- --- --- --- --- --- --- --- --- --- --- --- --- ---
You've read it.
You can't unread it!
--- --- --- --- --- --- --- --- --- --- --- --- --- --- --- |
|
Fitzsimmons Guru
Joined: 01 Jan 2003 Posts: 415 Location: Waterloo, Ontario, Canada
|
Posted: Wed Jun 02, 2004 7:32 pm Post subject: |
|
|
You could also tunnel FTP through ssh or use SSL on your FTP (which I have no idea how to set up but I know it exists). On a two user basis however, just use SFTP or SCP. |
|
georwell Guru
Joined: 25 Jun 2003 Posts: 430 Location: Uppsala, Sweden
|
Posted: Wed Jun 02, 2004 9:27 pm Post subject: |
|
|
OpenVPN is what you want. Works great using NAT too. Very simple to set up and only takes one port. I use it all the time so my folks can grab stuff off my machine using Windows networking even though I am in Sweden and they are in the US.
Just set it to bridge mode and watch its magic. |
|
T0M3K n00b
Joined: 19 Mar 2004 Posts: 67 Location: Brooklyn, NY
|
Posted: Wed Jun 02, 2004 9:48 pm Post subject: VPN |
|
|
FTP is out of the question, because it doesn't allow easy browsing and streaming.
I don't want to use ftp on each of the computers on my lan.
VPN is very interesting. I'll take a look at it. |
|
Fitzsimmons Guru
Joined: 01 Jan 2003 Posts: 415 Location: Waterloo, Ontario, Canada
|
Posted: Wed Jun 02, 2004 11:03 pm Post subject: Re: VPN |
|
|
T0M3K wrote: | FTP is out of the question, because it doesn't allow easy browsing and streaming.
|
What do you mean? What is bad about ftp browsing? What is better? What do you mean by streaming?
T0M3K wrote: |
I don't want to use ftp on each of the computers on my lan.
|
Don't. Mount local samba/nfs/whatever shares to a directory on the FTP server, and then serve that directory over the internet. |
|
T0M3K n00b
Joined: 19 Mar 2004 Posts: 67 Location: Brooklyn, NY
|
Posted: Thu Jun 03, 2004 2:41 am Post subject: |
|
|
With ftp I cannot open music/video files and use them without downloading them locally first. That's what I mean by streaming.
So let me illustrate it.
Code: |
 LAN A                       LAN B
-------                     -------
|SRV A| -INTERNET TUNNEL-   |SRV B|
-------                     -------
 |   |                       |   |
a1   a2                     b1   b2
|
I want computer a1/2 to be able to mount shares from srv B via samba
and computer b1/2 to be able to mount shares from srv A via samba. |
|
Fitzsimmons Guru
Joined: 01 Jan 2003 Posts: 415 Location: Waterloo, Ontario, Canada
|
Posted: Thu Jun 03, 2004 2:31 pm Post subject: |
|
|
Actually, I think you could. You could use sys-fs/lufs. The reason I say this is because samba is incredibly slow, even over a lan, so it must be horrible over the internet. FTP is designed to go over the internet and always has been whereas samba is really only capable of going over the net because the same protocol that is used over the net happens to be the same one that is used on lans. That being said, the VPN would work, but I'm not sure how well. Is there any point in streaming your videos/music over samba if they just lag?
I'm actually kind of curious, since I have never tried out such a thing. Therefore, give the VPN a try and report back on the results/speed. Then you can have ftp or another solution if VPN isn't satisfactory. |
|
syadnom Guru
Joined: 09 May 2002 Posts: 531
|
Posted: Thu Jun 03, 2004 6:35 pm Post subject: the answer is |
|
|
Truly, you should use:
ftp : simple and effective, low overhead, can be accessed from literally ANY machine anywhere you want
nfs : nfs is a stable and effective filesystem for internet file transfers. It gives the illusion of being a local directory except with slower speed
Also, AFS, Coda, and InterMezzo might work for you. You can run any number of these filesystems together to see what's right for you. |
|