Wide-range samba


Results 1 to 10 of 10

Thread: Wide-range samba

  1. #1
    Join Date
    Jan 2003
    Location
    Houston, Texas
    Posts
    81

    Wide-range samba

    I have a samba server set up behind my router, and I want it to be accessible to people outside the network (over the net). What ports do I need to forward to my Linux box? Just forwarding 139 doesn't do the trick. I have been told that only VPN, or putting the box "outside" the router will work. Is this true? It seems hard to believe.

    BTW, I know that FTP is a better and more secure way to do this, but the people that need access are a bit tech-illiterate and would not use an FTP type setup, no matter what kind of coaching I give them. The files shared will be accessed and altered/appended frequently, so up/downloading via FTP would be intimidating and cumbersome for them. So, unless there is a way to make FTP behave like a Windows share (I'm open to suggestions; personally, I'd rather use FTP), I'll have to stick with samba.
    There is a reason for everything. Sometimes, that reason just sucks.

  2. #2
    Join Date
    Dec 2002
    Location
    Right where I am
    Posts
    904
    you have several different options actually.

    you can forward all the port - this is probably the most secure method
    put the server in a dmz - makes the whole computer visible to the net, but keeps it behind the router
    use ftp - in windows there is a program i believe called ftp folders or something of the like. i know winxp has it, i dunno if win2k does or not, but win9x does not have it. anywho, this sets up an interface similar to a regular folder. i believe you can even map it to a drive letter, but i haven't done it in a long time so i don't remember exactly. just open IE and goto an ftp site and see what happens.

    ftp would be the most secure overall, but if you really want samba find the ports that yours uses and forward those to make it secure

    a dmz is a de-militarized zone and basically it gives the world full access to any services you have running on your computer, almost like it was outside the router
    -------------------------------------
    blobaugh
    lobaugh.net


    All you ever need to know about Samba at O'Reillys (Online book)
    DSL Linux in your pocket.
    Need help choosing a distro? Distro Chooser
    My Screenies
    Table of Windows equivalent software on Linux
    Linux Games from Windows

  3. #3
    Join Date
    Apr 2003
    Location
    UK
    Posts
    1,181
    Doing a quick google I found reference to ports 137,138,139 and 445, try forwarding all of those and if its works you can experiment to see which ones you actually need. Also make sure to use you IP address to connect and not the hostname you have set up as it may be an issue with resolving the hostname for the samba shares.

  4. #4
    Join Date
    Oct 2000
    Location
    Calgary, Alberta, Canada
    Posts
    8,130
    fyi, allowing samba over then internet is one of the worst security holes/mistakes that can be made.

    if you want people to be able to send/receive data to/from you then you should be using ssh.

    if you set up a vpn, then samba would be okay to use... but just opening the samba ports to the Internet -- be prepared to get hacked, it _will_ happen.

    PS: FTP is also not secure. use ssh.

    PPS: if they are tech-illiterate then make them learn how to use ssh. tell them they can't connect unless they want to learn the proper way to do it.

  5. #5
    Join Date
    Jan 2003
    Location
    Houston, Texas
    Posts
    81

    security

    I'll give the port forwarding a try today, but I'm getting less and less enthusiastic about using samba like this. I really just want to do it because I'm curious.

    But I still have a problem; getting this data shared over the net. Unless there is a good, transparent win32 client out there, getting unmotivated, nontech people to learn ssh for file transfer is a pipe dream, IMHO. These people don't even know what a command line is, much less how to use one. FTP is going to be pushing it, but it might work.

    So, does anyone know a way to make FTP act like a drive share? I don't even know if it's possible (probably not), but is there any way to set up an FTP server so that you can alter files on the server, as in a drive share? Even a software package that does something similar, but makes it transparent.

    Server is Slackware-current, ProFTP
    Clients will be WindowsXP
    There is a reason for everything. Sometimes, that reason just sucks.

  6. #6
    Join Date
    Oct 2000
    Location
    Calgary, Alberta, Canada
    Posts
    8,130
    use ssh.

    do not use ftp.

    there is a windows client called pUTTY - easy to use. and only 1 executable file.

  7. #7
    Join Date
    Jan 2003
    Location
    Houston, Texas
    Posts
    81

    ssh vs ftp

    I use putty to ssh in to my machine remotely all the time; I have it on a USB key so I can use it anywhere. But getting files via ssh file transfer is far beyond the level of complexity I could expect (one of) these people to use. Heck, I don't even use it.

    Unless there is a way to do this in a transparent manner, using windows and drag & drop, they are going to revert to a sneaker network. And they live crosstown. Basically, there's no point in setting it up if it's the least but complicated; they won't use it.

    And I can't just tell them to f* off if they don't like it. It's my wife & her business partner. (My wife could handle the ssh or ftp; she'd hate it, but she could do it. It's her partner that would freak, and she is the controlling partner)

    Thanks for your help, anyway. It seems I have hit the point of security vs functionality. It's a tradeoff; but it's either reduced security or eliminated functionality at this point.
    There is a reason for everything. Sometimes, that reason just sucks.

  8. #8
    Join Date
    Mar 2003
    Location
    hiroshima
    Posts
    15
    why dont you use wsftp? you could set it up to default to the right directories at both ends and to remember the passwd. its not quite drag and drop, but you just click the transfer button instead.

    on the other hand I wouldnt serve ftp from inside my network either, to be honest.

    how about if you share files through a yahoo group?
    nigel
    hiroshima
    linux counter #208272

  9. #9
    Join Date
    Jan 2003
    Location
    Houston, Texas
    Posts
    81

    FTP

    I've been running an FTP from this box for a while now, with no real trouble. I have the directories & users isolated, ftp users don't have real shell accounts, etc. As long as everything stays isolated, it's not too big a deal. Nothing here is ultra-critical or very private, anyway.

    I think I'm going to try using IE's FTP feature. Minimal change from what they know, etc. If that's a problem, I may try some command line FTP program and write a quick script. All I'd really need to do is sync a directory on the client with a directory on the server when they need to access the files. I wonder if there's a good FTP client for that.

    If anyone knows of a good client to do that (win32, still) or a server (linux) that supports it, please post here. I'm off to google & check documentation.



    hmmmm....This thread has diverged.
    There is a reason for everything. Sometimes, that reason just sucks.

  10. #10
    Join Date
    Dec 2003
    Location
    COLORADO
    Posts
    439
    VPN is probably the easiest quickest way for a windows user, for one it connects into that network allowing the user to see everything as if he/she was on the network, and two its easier than ftp just point and click a little icon "connect to <vpn name>" three its fairly secure. Although the setup of the vpn may be just a little tricky, wouldn't know though hanv't had time to set one up yet
    Be AWARE: gramaticle/spelling errors will happen
    ReX Productions
    Current Web Project
    Join Project Honey Pot

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •