Re: Run Samba over SSH - issues with UDP?



On 2007-08-20, Dave <someplace@xxxxxxxxxxxxxxxx> wrote:
The main point of this post is to ask if it is possible to use *recent*
versions of Samba over SSH? (By recent I mean Version 3.0.21b, which I
know is not that new, but is not very old. I think some documents on the
web about Samba over SSH might be about an earlier version which behaves
differently in that early versions might use just TCP and not UDP)

I have a Sun workstation at home which is NAT'ed with a local IP of
192.168.0.10. I have a fixed IP address at home from my ISP, so my
router connects to the Sun, so the Sun can be accessed by a fixed public
IP address. This works well, with a web server, SSH server and other
services accessible from any address on the web. However, whilst I want
the web server public, I don't want the SSH service publicly
accessible. I only want the SSH accessible from one IP address
(172.203.128.176). (For security reasons the SSH and http servers are on
different machines, on different subnets, but that is a minor issue).

For this reason I have a firewall on the Sun which only allows access
from this one public IP (172.203.128.176 in example below).

In addition to using SSH to access this box, I tunnel some ports over
SSH, so for example I can read mail from my ISP, which would otherwise
block me from doing so from an IP address which is not my own. I use Putty on
the Windows PC to connect via ssh and tunnel ports.

I'd like to tunnel Samba over the SSH link, but I seem to have problems
- it basically does not work at all. I've found information on the web
on samba over SSH, but I think it might be dated. I believe later
versions of Samba might use UDP in addition to TCP/IP, but I'm not sure
if it's possible to tunnel UDP over SSH.

Hence, is it still possible to use Samba over SSH?

Here are my current ipfilter firewall rules. Is there anything that I
can add that will allow samba to work over the link? (Don't worry about
there being too much open - there is a hardware firewall too).

block in on hme0 proto udp from any to 192.168.0.10/32 port = 137
block in on hme0 proto udp from any to 192.168.0.10/32 port = 138
block in on hme0 proto udp from any to 192.168.0.10/32 port = 139
block in on hme0 proto udp from any to 192.168.0.10/32 port = 4000
block in on hme0 proto udp from any to 192.168.0.10/32 port = 5801
block in on hme0 proto udp from any to 192.168.0.10/32 port = 5901
pass in on hme0 proto udp from 172.203.128.176 to 192.168.0.10/32 port = 8 keep state
pass in on hme0 proto udp from 172.203.128.176 to 192.168.0.10/32 port = 137 keep state
pass in on hme0 proto udp from 172.203.128.176 to 192.168.0.10/32 port = 138 keep state
pass in on hme0 proto udp from 172.203.128.176 to 192.168.0.10/32 port = 139 keep state
pass in on hme0 proto udp from 172.203.128.176 to 192.168.0.10/32 port = 4000 keep state
pass in on hme0 proto udp from 192.168.0.0/24 to 192.168.0.10/32 port = 137 keep state
pass in on hme0 proto udp from 192.168.0.0/24 to 192.168.0.10/32 port = 138 keep state
pass in on hme0 proto udp from 192.168.0.0/24 to 192.168.0.10/32 port = 139 keep state
block in on hme0 proto tcp from any to 192.168.0.10/32 port = 8
block in on hme0 proto tcp from any to 192.168.0.10/32 port = 22
block in on hme0 proto tcp from any to 192.168.0.10/32 port = 137
block in on hme0 proto tcp from any to 192.168.0.10/32 port = 138
block in on hme0 proto tcp from any to 192.168.0.10/32 port = 139
block in on hme0 proto tcp from any to 192.168.0.10/32 port = 445
block in on hme0 proto tcp from any to 192.168.0.10/32 port = 4000
block in on hme0 proto tcp from any to 192.168.0.10/32 port = 5801
block in on hme0 proto tcp from any to 192.168.0.10/32 port = 5901
pass in on hme0 proto tcp from 172.203.128.176 to 192.168.0.10/32 port = 22 keep state
pass in on hme0 proto tcp from 192.168.0.0/24 to 192.168.0.10/32 port = 22 keep state
pass in on hme0 proto tcp from 172.203.128.176 to 192.168.0.10/32 port = 137 keep state
pass in on hme0 proto tcp from 172.203.128.176 to 192.168.0.10/32 port = 138 keep state
pass in on hme0 proto tcp from 172.203.128.176 to 192.168.0.10/32 port = 139 keep state
pass in on hme0 proto tcp from 192.168.0.0/24 to 192.168.0.10/32 port = 137 keep state
pass in on hme0 proto tcp from 192.168.0.0/24 to 192.168.0.10/32 port = 138 keep state
pass in on hme0 proto tcp from 192.168.0.0/24 to 192.168.0.10/32 port = 139 keep state
pass in on hme0 proto tcp from 172.203.128.176 to 192.168.0.10/32 port = 5801 keep state
pass in on hme0 proto tcp from 172.203.128.176 to 192.168.0.10/32 port = 5901 keep state

Hi,
is an OpenVPN tunnel a solution for you? I've got an OpenVPN tunnel to
the outside and I'm very happy with it.

Greetings Rainer
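The question of which of the posted ipfilter rules the SSH tunnel actually needs can be answered mechanically. The following is an added example, written by the editor and not part of Dave's or Rainer's mail: it parses a subset of the posted ruleset (the SMB/NetBIOS and SSH lines, re-typed as constructed sample input), evaluates it the way ipfilter does without `quick` (last matching rule wins, no match means pass), and reports, per Samba port, whether a pass rule still matters once SMB rides inside `ssh -L`. The finding labels, the `tunnel_findings`/`prune_for_tunnel` helpers and the probe addresses (8.8.8.8 as an arbitrary Internet host) are the editor's own assumptions, not anything from the thread or from Samba or ipfilter. The evaluator is general: it answers the same reachability question for any rule in this syntax, not only for the SMB ports.

```python
"""Audit an ipfilter ruleset for an SMB-over-SSH setup (editor's example).

Semantics modelled: rules are tried in order and the LAST matching rule
decides (no 'quick' keyword in the posted rules); with no match at all,
ipfilter's default is to pass the packet.
"""
import ipaddress
import re
from dataclasses import dataclass

# Ports Samba uses: NetBIOS name/datagram service over UDP, SMB over TCP.
NETBIOS_UDP = {137, 138}
SMB_TCP = {139, 445}
SMB_RELATED = NETBIOS_UDP | SMB_TCP

RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+in\s+on\s+(?P<iface>\S+)\s+proto\s+(?P<proto>tcp|udp)"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s+port\s*=\s*(?P<port>\d+)"
    r"(?P<state>\s+keep\s+state)?\s*$"
)


@dataclass(frozen=True)
class Rule:
    action: str
    iface: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: int
    keep_state: bool

    def render(self):
        """Print the rule back in ipf.conf syntax."""
        src = "any" if self.src.prefixlen == 0 else str(self.src)
        dst = "any" if self.dst.prefixlen == 0 else str(self.dst)
        state = " keep state" if self.keep_state else ""
        return (f"{self.action} in on {self.iface} proto {self.proto} "
                f"from {src} to {dst} port = {self.port}{state}")


def _net(token):
    return ipaddress.ip_network("0.0.0.0/0" if token == "any" else token, strict=False)


def parse_rules(text):
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError("unsupported rule syntax: " + line)
        rules.append(Rule(m["action"], m["iface"], m["proto"], _net(m["src"]),
                          _net(m["dst"]), int(m["port"]), m["state"] is not None))
    return rules


def lookup(rules, proto, src, dst, port, iface="hme0"):
    """Decision for the first packet of a flow: last match wins, default pass."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    decision = "pass"
    for r in rules:
        if (r.iface == iface and r.proto == proto and r.port == port
                and src in r.src and dst in r.dst):
            decision = r.action
    return decision


def tunnel_findings(rules, client_ip, server_ip):
    """Classify each Samba port as seen from client_ip once SMB goes over ssh -L."""
    findings = {}
    for port in sorted(NETBIOS_UDP):
        # ssh -L / PuTTY forwards carry TCP streams only: a UDP pass rule never
        # helps the tunnel, it only leaves NetBIOS reachable on the wire.
        reachable = lookup(rules, "udp", client_ip, server_ip, port) == "pass"
        findings[("udp", port)] = "udp_not_forwardable" if reachable else "blocked"
    for port in sorted(SMB_TCP):
        reachable = lookup(rules, "tcp", client_ip, server_ip, port) == "pass"
        findings[("tcp", port)] = "move_into_tunnel" if reachable else "blocked"
    ssh_ok = lookup(rules, "tcp", client_ip, server_ip, 22) == "pass"
    findings[("tcp", 22)] = "tunnel_endpoint_ok" if ssh_ok else "tunnel_endpoint_blocked"
    return findings


def prune_for_tunnel(rules):
    """Drop pass rules exposing SMB/NetBIOS ports to non-RFC1918 sources; the tunnel replaces them."""
    def internet_facing(net):
        return net.prefixlen == 0 or not net.network_address.is_private
    return [r for r in rules
            if not (r.action == "pass" and r.port in SMB_RELATED and internet_facing(r.src))]


# Constructed sample input: the SMB/NetBIOS and SSH lines of the ruleset posted above.
TRUSTED, SUN = "172.203.128.176", "192.168.0.10/32"
SAMPLE_RULES = "\n".join(
    [f"block in on hme0 proto udp from any to {SUN} port = {p}" for p in (137, 138, 139)]
    + [f"pass in on hme0 proto udp from {TRUSTED} to {SUN} port = {p} keep state" for p in (137, 138, 139)]
    + [f"pass in on hme0 proto udp from 192.168.0.0/24 to {SUN} port = {p} keep state" for p in (137, 138, 139)]
    + [f"block in on hme0 proto tcp from any to {SUN} port = {p}" for p in (22, 137, 138, 139, 445)]
    + [f"pass in on hme0 proto tcp from {TRUSTED} to {SUN} port = {p} keep state" for p in (22, 137, 138, 139)]
    + [f"pass in on hme0 proto tcp from 192.168.0.0/24 to {SUN} port = {p} keep state" for p in (22, 137, 138, 139)]
)
RULES = parse_rules(SAMPLE_RULES)

if __name__ == "__main__":
    for key, verdict in tunnel_findings(RULES, TRUSTED, "192.168.0.10").items():
        print(f"{key[0]}/{key[1]}: {verdict}")
    print("--- ruleset with SMB moved into the tunnel ---")
    for r in prune_for_tunnel(RULES):
        print(r.render())
```

What the run shows for the trusted address: tcp/139 is reachable directly and is the only thing the forward needs, tcp/445 (Samba 3.x listens there too by default) is blocked, and the udp/137 and udp/138 passes do nothing for the tunnel because neither OpenSSH `-L` nor a PuTTY local forward can carry UDP; name resolution and browsing simply do not traverse the tunnel, so the share is reached by address, e.g. `ssh -L 1139:127.0.0.1:139 user@sun` followed by `smbclient -p 1139 //127.0.0.1/share -U user`, with `hosts allow = 127.0.0.1 192.168.0.` on the Sun side so smbd accepts the loopback-sourced connection. After pruning, the direct SMB passes from the public address are gone and the rule for tcp/22 from that address is all the tunnel needs. The remaining caveat is on the Windows side: Windows itself listens on TCP 139 and 445, so the PuTTY forward has to sit on a port the client can be told about (smbclient takes `-p`; the Windows redirector does not, which is why the usual workaround there is an extra loopback adapter with NetBIOS disabled and a forward on port 139 of that address).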