On Wed, 9 Feb 2005, Paul Gienger wrote:

> Date: Wed, 09 Feb 2005 08:54:57 -0600
> From: Paul Gienger <[EMAIL PROTECTED]>
> To: JLB <[EMAIL PROTECTED]>
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Firewall piercing - The Specified network name is no
>     longer available.
>
> >I'm trying to set up one of my Unix machines at home so I can access my
> >stuff there via SMB from the Internet at large (read: from Windows-using
> >clients').
> >
>
> Are you saying that you're trying to allow access from 'random internet
> user' (which is probably you) directly to your samba machine?  You will
> have problems with this if it is what you're doing.
>
> 1. because you may have a default filter on your firewalls that blocks it
> from traversing, although I think most sane manufacturers took this rule
> off now

I already poked and prodded at all such filters. They seem off now.

> 2. because your ISP probably blocks/filters those ports.

They don't.

> 3. because it's a Bad Thing (TM)(R)(C)

The chance of any random joker stumbling upon a dynamically allocated IP
and h4x0ring into a password-protected share on a SPARC64 machine running
OpenBSD with a recent version of Samba is ....

....slim.

>
> Spend a little time and set up a vpn endpoint on your box and just
> forward the necessary ports over, I think openvpn is 5000.  You'll be
> much happier, sane, and protected as such.

And I will make use of this on client machines with strict "Thou Shalt Not
Install any Unauthorized Software" policies... how?

I've already set up zero-install Web-based telnet, zero-install Web-based
MP3 players... I even concocted a zero-install CygWin workalike and keep
it on my keychain USB drive... now I need a zero-install way to access my
files via Windows machines. And that means SMB. NOT OpenVPN, OpenSSH,
OpenVMS or any other "Open".

>
> >I'm behind two NATting devices-- the lame-p Prestige DSL modem provided by
> >Sprint DSL (a.k.a. Earthlink?) and a more typical home DSL/cable gateway
> >device.
> >
> >I've poked holes in BOTH of these devices on ports 137, 138, 139 AND 445.
> >Only port 139 actually responds to TCP connections (well, only port 139
> >accepts a telnet, even from localhost).
> >
> >See:
> >
> >--------------------------------------------------------------------------
> >-bash-2.05b# telnet localhost 137
> >Trying ::1...
> >telnet: connect to address ::1: Connection refused
> >Trying 127.0.0.1...
> >telnet: connect to address 127.0.0.1: Connection refused
> >-bash-2.05b# telnet localhost 138
> >Trying ::1...
> >telnet: connect to address ::1: Connection refused
> >Trying 127.0.0.1...
> >telnet: connect to address 127.0.0.1: Connection refused
> >-bash-2.05b# telnet localhost 139
> >Trying ::1...
> >telnet: connect to address ::1: Connection refused
> >Trying 127.0.0.1...
> >Connected to localhost.
> >Escape character is '^]'.
> >^]
> >telnet> close
> >Connection closed.
> >-bash-2.05b# telnet localhost 445
> >Trying ::1...
> >telnet: connect to address ::1: Connection refused
> >Trying 127.0.0.1...
> >telnet: connect to address 127.0.0.1: Connection refused
> >--------------------------------------------------------------------------
> >
> >It should go without saying that this machine's Samba shares work
> >PERFECTLY WELL within the LAN. ;)
> >
> >Now, from the outside, I can telnet to port 139 on the machine just fine,
> >through both NAT devices. However, when I go Start, Run,
> >\\x.y.z.a\sharename (where "x.y.z.a" is the IP address-- not the FQDN-- of
> >the machine), Windows vomits up this unhelpful message:
> >
> >
> >--------------------------------------------------
> >\\x.y.z.a\sharename
> >The specified network name is no longer available.
> >--------------------------------------------------
> >
> >See:
> >
> >http://jlb.twu.net/tmp/unhelpful.png
> >
> >Any ideas? The client machine runs Windows 2000 Pro.
> >
> >--
> >J. L. Blank, Systems Administrator, twu.net
> >
>
> --
> --
> Paul Gienger                     Office:  701-281-1884
> Applied Engineering Inc.
> Systems Architect                Fax:     701-281-1322
> URL: www.ae-solutions.com        mailto: [EMAIL PROTECTED]
>

--
J. L. Blank, Systems Administrator, twu.net
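
Added example, not part of the original message and not Samba project code: the telnet checks quoted above, redone in Python so that "refused" (host answered, nothing listening on TCP) is kept apart from "no reply" (dropped by a filter or NAT), and so that 137 and 138 are flagged as UDP services that a TCP connect cannot test. The names SMB_PORTS, probe_tcp and report are made up for this example, and it is meant to be pointed at your own machine.

```python
import socket

# Transport used by each classic SMB/NetBIOS service (well-known assignments).
SMB_PORTS = {
    137: ("udp", "NetBIOS name service"),
    138: ("udp", "NetBIOS datagram service"),
    139: ("tcp", "NetBIOS session service (SMB over NetBIOS)"),
    445: ("tcp", "SMB directly over TCP"),
}


def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused' (no TCP listener) or 'no-reply' (dropped)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes timeouts and unreachable-host errors
        return "no-reply"


def report(host, ports=SMB_PORTS, timeout=3.0):
    """TCP-probe each port and note whether the result means anything."""
    rows = []
    for port, (transport, service) in sorted(ports.items()):
        state = probe_tcp(host, port, timeout)
        if transport == "udp":
            note = "UDP service: a TCP result says nothing about it"
        elif state == "open":
            note = "reachable over TCP"
        elif state == "refused":
            note = "host answered, no TCP listener on this port"
        else:
            note = "no answer: filtered on the path or host unreachable"
        rows.append((port, transport, service, state, note))
    return rows


if __name__ == "__main__":
    for row in report("127.0.0.1"):  # own machine only
        print("%-4d %-3s %-44s %-8s %s" % row)
```
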