Re: [Samba] Firewall piercing - The Specified network name is no longer available.
On Thu, 10 Feb 2005, Ilia Chipitsine wrote:

Date: Thu, 10 Feb 2005 11:19:57 +0500 (YEKT)
From: Ilia Chipitsine <[EMAIL PROTECTED]>
To: JLB <[EMAIL PROTECTED]>
Cc: samba@lists.samba.org
Subject: Re: [Samba] Firewall piercing - The Specified network name is no longer available.

pptp/vpn client is included in windows distribution as well.

Is it an optional install?

no, it is included by default.

client is pretty well tested and works reasonably good since win95osr2.

How does one use it?

pptp is "ppp over gre", in windows terms workstation just establishes "dialup" connection to pptp server, if you have pptp/vpn server right between your internet and intranet, so, clients from both segments will be able to connect to it and IP will go over private subnet. that is what we use for almost 2 years.

Start, Run, ...what?

so, it is already installed on "ANY Windoze" :-)

Please read my points on this sort of "solution" in the past. The whole REASON I want to use Plain Vanilla SMB is so I can walk up to ANY Windoze machine on the entire flippin' Internet and go:

Start
Run
\\IP_ADDRESS\sharename
(username)
(password)

POOF.

If I have to install anything, the whole point is moot.

On Thu, 10 Feb 2005, Ilia Chipitsine wrote:

Date: Thu, 10 Feb 2005 09:58:32 +0500 (YEKT)
From: Ilia Chipitsine <[EMAIL PROTECTED]>
To: JLB <[EMAIL PROTECTED]>
Cc: samba@lists.samba.org
Subject: Re: [Samba] Firewall piercing - The Specified network name is no longer available.

you can setup PPTP/VPN server and this eliminates need of using NAT.

Hi all.

I'm trying to set up one of my Unix machines at home so I can access my stuff there via SMB from the Internet at large (read: from Windows-using clients').

I'm behind two NATting devices-- the lame-p Prestige DSL modem provided by Sprint DSL (a.k.a. Earthlink?) and a more typical home DSL/cable gateway device.

I've poked holes in BOTH of these devices on ports 137, 138, 139 AND 445. Only port 139 actually responds to TCP connections (well, only port 139 accepts a telnet, even from localhost.

See:

--
-bash-2.05b# telnet localhost 137
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
-bash-2.05b# telnet localhost 138
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
-bash-2.05b# telnet localhost 139
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> close
Connection closed.
-bash-2.05b# telnet localhost 445
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
--

It should go without saying that this machine's Samba shares work PERFECTLY WELL within the LAN. ;)

Now, from the outside, I can telnet to port 139 on the machine just fine, through both NAT devices. However, when I go Start, Run, \\x.y.z.a\sharename (where "x.y.z.a" is the IP address-- not the FQDN-- of the machine), Windows vomits up this unhelpful message:

--
\\x.y.z.a\sharename
The specified network name is no longer available.
--

See:

http://jlb.twu.net/tmp/unhelpful.png

Any ideas? The client machine runs Windows 2000 Pro.

--
J. L. Blank, Systems Administrator, twu.net
--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba

--
J. L. Blank, Systems Administrator, twu.net

--
J. L. Blank, Systems Administrator, twu.net
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
Hi,

I think you do not get the point: This is not a single point of failure. Getting your server sharing to the internet will give you nothing. Why?

1st showstopper: The admin of the pc you want to access your server from will have denied outgoing traffic for all smb-packets from the local LAN to the internet. Because windows machines tend to do heavy broadcasts to sync their browselists over these ports. This is unwanted traffic which must be paid for and which reduces available bandwidth. So the Admins block these ports to *save money*

2nd showstopper: Even if your ISP does not, many many ISPs silently drop all traffic on the smb-ports. Why? Because there are too many home users not using firewalls and therefore their Windows-machines broadcast to the internet to sync their browselists. If ISPs would forward these packets (or answers to them) it would eat their bandwidth and money for nothing. That's the point why they drop these packets: *MONEY*

3rd showstopper: SMB is not designed for unreliable networks with many routers and their latency involved. SMB over internet simply will not work reliably.

Christoph

JLB wrote:

Also, my arrogant attitude is largely due to the fact that nobody's reading my points.

I DO NOT want to install OpenVPN.
I DO NOT want to run WinSCP.
I DO NOT want to run an anonymous FTP server.

I want to go:

Start
Run
smb://IP_ADDRESS/sharename
(username)
(password)

POOF.

That is what I want. Period. It's not unreasonable; this is Samba, not some Win95 box waiting to be h4x0red.

On Thu, 10 Feb 2005, Gordon Russell wrote:

Date: Thu, 10 Feb 2005 09:22:48 -0500
From: Gordon Russell <[EMAIL PROTECTED]>
Cc: JLB <[EMAIL PROTECTED]>, samba@lists.samba.org
Subject: Re: [Samba] Firewall piercing - The Specified network name is no longer available.

Dude -- Your arrogant attitude towards getting help and resolving your problem is not getting you anywhere -- it's obviously problematic to pump SMB/CIFS into the internet the way you would like to. Why don't you look at a simpler solution like running an anonymous ftp server and then your pathetic windoze users can just type:

ftp://server/directory

POOF

Please read my points on this sort of "solution" in the past. The whole REASON I want to use Plain Vanilla SMB is so I can walk up to ANY Windoze machine on the entire flippin' Internet and go:

Start
Run
\\IP_ADDRESS\sharename
(username)
(password)

POOF.

--
J. L. Blank, Systems Administrator, twu.net
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
so run a non-anonymous ftp server and have them authenticate

I realize you want to do it without installing client software, but you can do that via ftp and skip all the SMB jive

JLB wrote:

Also, my arrogant attitude is largely due to the fact that nobody's reading my points.

I DO NOT want to install OpenVPN.
I DO NOT want to run WinSCP.
I DO NOT want to run an anonymous FTP server.

I want to go:

Start
Run
smb://IP_ADDRESS/sharename
(username)
(password)

POOF.

That is what I want. Period. It's not unreasonable; this is Samba, not some Win95 box waiting to be h4x0red.

On Thu, 10 Feb 2005, Gordon Russell wrote:

Date: Thu, 10 Feb 2005 09:22:48 -0500
From: Gordon Russell <[EMAIL PROTECTED]>
Cc: JLB <[EMAIL PROTECTED]>, samba@lists.samba.org
Subject: Re: [Samba] Firewall piercing - The Specified network name is no longer available.

Dude -- Your arrogant attitude towards getting help and resolving your problem is not getting you anywhere -- it's obviously problematic to pump SMB/CIFS into the internet the way you would like to. Why don't you look at a simpler solution like running an anonymous ftp server and then your pathetic windoze users can just type:

ftp://server/directory

POOF

Please read my points on this sort of "solution" in the past. The whole REASON I want to use Plain Vanilla SMB is so I can walk up to ANY Windoze machine on the entire flippin' Internet and go:

Start
Run
\\IP_ADDRESS\sharename
(username)
(password)

POOF.

--
J. L. Blank, Systems Administrator, twu.net
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
Also, my arrogant attitude is largely due to the fact that nobody's reading my points.

I DO NOT want to install OpenVPN.
I DO NOT want to run WinSCP.
I DO NOT want to run an anonymous FTP server.

I want to go:

Start
Run
smb://IP_ADDRESS/sharename
(username)
(password)

POOF.

That is what I want. Period. It's not unreasonable; this is Samba, not some Win95 box waiting to be h4x0red.

On Thu, 10 Feb 2005, Gordon Russell wrote:

> Date: Thu, 10 Feb 2005 09:22:48 -0500
> From: Gordon Russell <[EMAIL PROTECTED]>
> Cc: JLB <[EMAIL PROTECTED]>, samba@lists.samba.org
> Subject: Re: [Samba] Firewall piercing - The Specified network name is no
> longer available.
>
> Dude -- Your arrogant attitude towards getting help and resolving your
> problem is not getting you anywhere -- it's obviously problematic to pump
> SMB/CIFS into the internet the way you would like to. Why don't you
> look at a simpler solution like running an anonymous ftp server and then
> your pathetic windoze users can just type:
>
> ftp://server/directory
>
> POOF
>
> > Please read my points on this sort of "solution" in the past. The whole
> > REASON I want to use Plain Vanilla SMB is so I can walk up to ANY Windoze
> > machine on the entire flippin' Internet and go:
> >
> > Start
> > Run
> > \\IP_ADDRESS\sharename
> > (username)
> > (password)
> >
> > POOF.
>

--
J. L. Blank, Systems Administrator, twu.net
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
Because an anonymous solution isn't sufficient. I want something easy-- BUT PASSWORD-PROTECTED.

(And no, I don't use dictionary-word passwords.)

On Thu, 10 Feb 2005, Gordon Russell wrote:

> Date: Thu, 10 Feb 2005 09:22:48 -0500
> From: Gordon Russell <[EMAIL PROTECTED]>
> Cc: JLB <[EMAIL PROTECTED]>, samba@lists.samba.org
> Subject: Re: [Samba] Firewall piercing - The Specified network name is no
> longer available.
>
> Dude -- Your arrogant attitude towards getting help and resolving your
> problem is not getting you anywhere -- it's obviously problematic to pump
> SMB/CIFS into the internet the way you would like to. Why don't you
> look at a simpler solution like running an anonymous ftp server and then
> your pathetic windoze users can just type:
>
> ftp://server/directory
>
> POOF
>
> > Please read my points on this sort of "solution" in the past. The whole
> > REASON I want to use Plain Vanilla SMB is so I can walk up to ANY Windoze
> > machine on the entire flippin' Internet and go:
> >
> > Start
> > Run
> > \\IP_ADDRESS\sharename
> > (username)
> > (password)
> >
> > POOF.
>

--
J. L. Blank, Systems Administrator, twu.net
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
On Thu, 10 Feb 2005, Ilia Chipitsine wrote:

> Date: Thu, 10 Feb 2005 11:19:57 +0500 (YEKT)
> From: Ilia Chipitsine <[EMAIL PROTECTED]>
> To: JLB <[EMAIL PROTECTED]>
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Firewall piercing - The Specified network name is no
> longer available.
>
> pptp/vpn client is included in windows distribution as well.

Is it an optional install?

> client is pretty well tested and works reasonably good since win95osr2.

How does one use it?

Start, Run, ...what?

>
> so, it is already installed on "ANY Windoze" :-)
>
> > Please read my points on this sort of "solution" in the past. The whole
> > REASON I want to use Plain Vanilla SMB is so I can walk up to ANY Windoze
> > machine on the entire flippin' Internet and go:
> >
> > Start
> > Run
> > \\IP_ADDRESS\sharename
> > (username)
> > (password)
> >
> > POOF.
> >
> > If I have to install anything, the whole point is moot.
> >
> > On Thu, 10 Feb 2005, Ilia Chipitsine wrote:
> >
> >> Date: Thu, 10 Feb 2005 09:58:32 +0500 (YEKT)
> >> From: Ilia Chipitsine <[EMAIL PROTECTED]>
> >> To: JLB <[EMAIL PROTECTED]>
> >> Cc: samba@lists.samba.org
> >> Subject: Re: [Samba] Firewall piercing - The Specified network name is no
> >> longer available.
> >>
> >> you can setup PPTP/VPN server and this eliminates need of using NAT.
> >>
> >>> Hi all.
> >>>
> >>> I'm trying to set up one of my Unix machines at home so I can access my
> >>> stuff there via SMB from the Internet at large (read: from Windows-using
> >>> clients').
> >>>
> >>> I'm behind two NATting devices-- the lame-p Prestige DSL modem provided by
> >>> Sprint DSL (a.k.a. Earthlink?) and a more typical home DSL/cable gateway
> >>> device.
> >>>
> >>> I've poked holes in BOTH of these devices on ports 137, 138, 139 AND 445.
> >>> Only port 139 actually responds to TCP connections (well, only port 139
> >>> accepts a telnet, even from localhost.
> >>>
> >>> See:
> >>>
> >>> --
> >>> -bash-2.05b# telnet localhost 137
> >>> Trying ::1...
> >>> telnet: connect to address ::1: Connection refused
> >>> Trying 127.0.0.1...
> >>> telnet: connect to address 127.0.0.1: Connection refused
> >>> -bash-2.05b# telnet localhost 138
> >>> Trying ::1...
> >>> telnet: connect to address ::1: Connection refused
> >>> Trying 127.0.0.1...
> >>> telnet: connect to address 127.0.0.1: Connection refused
> >>> -bash-2.05b# telnet localhost 139
> >>> Trying ::1...
> >>> telnet: connect to address ::1: Connection refused
> >>> Trying 127.0.0.1...
> >>> Connected to localhost.
> >>> Escape character is '^]'.
> >>> ^]
> >>> telnet> close
> >>> Connection closed.
> >>> -bash-2.05b# telnet localhost 445
> >>> Trying ::1...
> >>> telnet: connect to address ::1: Connection refused
> >>> Trying 127.0.0.1...
> >>> telnet: connect to address 127.0.0.1: Connection refused
> >>> --
> >>>
> >>> It should go without saying that this machine's Samba shares work
> >>> PERFECTLY WELL within the LAN. ;)
> >>>
> >>> Now, from the outside, I can telnet to port 139 on the machine just fine,
> >>> through both NAT devices. However, when I go Start, Run,
> >>> \\x.y.z.a\sharename (where "x.y.z.a" is the IP address-- not the FQDN-- of
> >>> the machine), Windows vomits up this unhelpful message:
> >>>
> >>>
> >>> --
> >>> \\x.y.z.a\sharename
> >>> The specified network name is no longer available.
> >>> --
> >>>
> >>> See:
> >>>
> >>> http://jlb.twu.net/tmp/unhelpful.png
> >>>
> >>> Any ideas? The client machine runs Windows 2000 Pro.
> >>>
> >>> --
> >>> J. L. Blank, Systems Administrator, twu.net
> >>>
> >>
> >
> > --
> > J. L. Blank, Systems Administrator, twu.net
> >
>

--
J. L. Blank, Systems Administrator, twu.net
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
On Wed, 9 Feb 2005, Craig White wrote:

> Date: Wed, 09 Feb 2005 22:54:10 -0700
> From: Craig White <[EMAIL PROTECTED]>
> To: JLB <[EMAIL PROTECTED]>
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Firewall piercing - The Specified network name is no
> longer available.
>
> On Thu, 2005-02-10 at 00:11 -0500, JLB wrote:
> > Please read my points on this sort of "solution" in the past. The whole
> > REASON I want to use Plain Vanilla SMB is so I can walk up to ANY Windoze
> > machine on the entire flippin' Internet and go:
> >
> > Start
> > Run
> > \\IP_ADDRESS\sharename
> > (username)
> > (password)
> >
> > POOF.
>
> and if you do that - someone else will 'poof' that machine before you
> can do it

Precisely how "0wnable" is a SPARC64 running a recent version of OpenBSD, with a recent version of Samba and a password-protected share, using a non-dictionary-word password?

>
> >
> > If I have to install anything, the whole point is moot.
> >
>
> seems like an idea that was DOA - moot is probably besides the point
>
> Craig
>

We're not talking about exposing a flippin' Win98 box to this traffic. You've yet to explain how/why my box is a security risk, with the software profile I've outlined for it.

--
J. L. Blank, Systems Administrator, twu.net
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
Dude -- Your arrogant attitude towards getting help and resolving your problem is not getting you anywhere -- it's obviously problematic to pump SMB/CIFS into the internet the way you would like to. Why don't you look at a simpler solution like running an anonymous ftp server and then your pathetic windoze users can just type:

ftp://server/directory

POOF

Please read my points on this sort of "solution" in the past. The whole REASON I want to use Plain Vanilla SMB is so I can walk up to ANY Windoze machine on the entire flippin' Internet and go:

Start
Run
\\IP_ADDRESS\sharename
(username)
(password)

POOF.
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
pptp/vpn is NOT opposite to "plain vanilla smb", it just allows You to maintain regular IP transport without NAT. and You can run your "plain vanilla SMB" over that protocol.

Please read my points on this sort of "solution" in the past. The whole REASON I want to use Plain Vanilla SMB is so I can walk up to ANY Windoze machine on the entire flippin' Internet and go:

Start
Run
\\IP_ADDRESS\sharename
(username)
(password)

POOF.

If I have to install anything, the whole point is moot.

On Thu, 10 Feb 2005, Ilia Chipitsine wrote:

Date: Thu, 10 Feb 2005 09:58:32 +0500 (YEKT)
From: Ilia Chipitsine <[EMAIL PROTECTED]>
To: JLB <[EMAIL PROTECTED]>
Cc: samba@lists.samba.org
Subject: Re: [Samba] Firewall piercing - The Specified network name is no longer available.

you can setup PPTP/VPN server and this eliminates need of using NAT.

Hi all.

I'm trying to set up one of my Unix machines at home so I can access my stuff there via SMB from the Internet at large (read: from Windows-using clients').

I'm behind two NATting devices-- the lame-p Prestige DSL modem provided by Sprint DSL (a.k.a. Earthlink?) and a more typical home DSL/cable gateway device.

I've poked holes in BOTH of these devices on ports 137, 138, 139 AND 445. Only port 139 actually responds to TCP connections (well, only port 139 accepts a telnet, even from localhost.

See:

--
-bash-2.05b# telnet localhost 137
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
-bash-2.05b# telnet localhost 138
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
-bash-2.05b# telnet localhost 139
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> close
Connection closed.
-bash-2.05b# telnet localhost 445
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
--

It should go without saying that this machine's Samba shares work PERFECTLY WELL within the LAN. ;)

Now, from the outside, I can telnet to port 139 on the machine just fine, through both NAT devices. However, when I go Start, Run, \\x.y.z.a\sharename (where "x.y.z.a" is the IP address-- not the FQDN-- of the machine), Windows vomits up this unhelpful message:

--
\\x.y.z.a\sharename
The specified network name is no longer available.
--

See:

http://jlb.twu.net/tmp/unhelpful.png

Any ideas? The client machine runs Windows 2000 Pro.

--
J. L. Blank, Systems Administrator, twu.net

--
J. L. Blank, Systems Administrator, twu.net
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
pptp/vpn client is included in windows distribution as well.

client is pretty well tested and works reasonably good since win95osr2.

so, it is already installed on "ANY Windoze" :-)

Please read my points on this sort of "solution" in the past. The whole REASON I want to use Plain Vanilla SMB is so I can walk up to ANY Windoze machine on the entire flippin' Internet and go:

Start
Run
\\IP_ADDRESS\sharename
(username)
(password)

POOF.

If I have to install anything, the whole point is moot.

On Thu, 10 Feb 2005, Ilia Chipitsine wrote:

Date: Thu, 10 Feb 2005 09:58:32 +0500 (YEKT)
From: Ilia Chipitsine <[EMAIL PROTECTED]>
To: JLB <[EMAIL PROTECTED]>
Cc: samba@lists.samba.org
Subject: Re: [Samba] Firewall piercing - The Specified network name is no longer available.

you can setup PPTP/VPN server and this eliminates need of using NAT.

Hi all.

I'm trying to set up one of my Unix machines at home so I can access my stuff there via SMB from the Internet at large (read: from Windows-using clients').

I'm behind two NATting devices-- the lame-p Prestige DSL modem provided by Sprint DSL (a.k.a. Earthlink?) and a more typical home DSL/cable gateway device.

I've poked holes in BOTH of these devices on ports 137, 138, 139 AND 445. Only port 139 actually responds to TCP connections (well, only port 139 accepts a telnet, even from localhost.

See:

--
-bash-2.05b# telnet localhost 137
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
-bash-2.05b# telnet localhost 138
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
-bash-2.05b# telnet localhost 139
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> close
Connection closed.
-bash-2.05b# telnet localhost 445
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
--

It should go without saying that this machine's Samba shares work PERFECTLY WELL within the LAN. ;)

Now, from the outside, I can telnet to port 139 on the machine just fine, through both NAT devices. However, when I go Start, Run, \\x.y.z.a\sharename (where "x.y.z.a" is the IP address-- not the FQDN-- of the machine), Windows vomits up this unhelpful message:

--
\\x.y.z.a\sharename
The specified network name is no longer available.
--

See:

http://jlb.twu.net/tmp/unhelpful.png

Any ideas? The client machine runs Windows 2000 Pro.

--
J. L. Blank, Systems Administrator, twu.net

--
J. L. Blank, Systems Administrator, twu.net
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
On Thu, 2005-02-10 at 00:11 -0500, JLB wrote:
> Please read my points on this sort of "solution" in the past. The whole
> REASON I want to use Plain Vanilla SMB is so I can walk up to ANY Windoze
> machine on the entire flippin' Internet and go:
>
> Start
> Run
> \\IP_ADDRESS\sharename
> (username)
> (password)
>
> POOF.

and if you do that - someone else will 'poof' that machine before you can do it

>
> If I have to install anything, the whole point is moot.
>

seems like an idea that was DOA - moot is probably besides the point

Craig
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
Please read my points on this sort of "solution" in the past. The whole REASON I want to use Plain Vanilla SMB is so I can walk up to ANY Windoze machine on the entire flippin' Internet and go:

Start
Run
\\IP_ADDRESS\sharename
(username)
(password)

POOF.

If I have to install anything, the whole point is moot.

On Thu, 10 Feb 2005, Ilia Chipitsine wrote:

> Date: Thu, 10 Feb 2005 09:58:32 +0500 (YEKT)
> From: Ilia Chipitsine <[EMAIL PROTECTED]>
> To: JLB <[EMAIL PROTECTED]>
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Firewall piercing - The Specified network name is no
> longer available.
>
> you can setup PPTP/VPN server and this eliminates need of using NAT.
>
> > Hi all.
> >
> > I'm trying to set up one of my Unix machines at home so I can access my
> > stuff there via SMB from the Internet at large (read: from Windows-using
> > clients').
> >
> > I'm behind two NATting devices-- the lame-p Prestige DSL modem provided by
> > Sprint DSL (a.k.a. Earthlink?) and a more typical home DSL/cable gateway
> > device.
> >
> > I've poked holes in BOTH of these devices on ports 137, 138, 139 AND 445.
> > Only port 139 actually responds to TCP connections (well, only port 139
> > accepts a telnet, even from localhost.
> >
> > See:
> >
> > --
> > -bash-2.05b# telnet localhost 137
> > Trying ::1...
> > telnet: connect to address ::1: Connection refused
> > Trying 127.0.0.1...
> > telnet: connect to address 127.0.0.1: Connection refused
> > -bash-2.05b# telnet localhost 138
> > Trying ::1...
> > telnet: connect to address ::1: Connection refused
> > Trying 127.0.0.1...
> > telnet: connect to address 127.0.0.1: Connection refused
> > -bash-2.05b# telnet localhost 139
> > Trying ::1...
> > telnet: connect to address ::1: Connection refused
> > Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
> > ^]
> > telnet> close
> > Connection closed.
> > -bash-2.05b# telnet localhost 445
> > Trying ::1...
> > telnet: connect to address ::1: Connection refused
> > Trying 127.0.0.1...
> > telnet: connect to address 127.0.0.1: Connection refused
> > --
> >
> > It should go without saying that this machine's Samba shares work
> > PERFECTLY WELL within the LAN. ;)
> >
> > Now, from the outside, I can telnet to port 139 on the machine just fine,
> > through both NAT devices. However, when I go Start, Run,
> > \\x.y.z.a\sharename (where "x.y.z.a" is the IP address-- not the FQDN-- of
> > the machine), Windows vomits up this unhelpful message:
> >
> >
> > --
> > \\x.y.z.a\sharename
> > The specified network name is no longer available.
> > --
> >
> > See:
> >
> > http://jlb.twu.net/tmp/unhelpful.png
> >
> > Any ideas? The client machine runs Windows 2000 Pro.
> >
> > --
> > J. L. Blank, Systems Administrator, twu.net
> >
>

--
J. L. Blank, Systems Administrator, twu.net
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
you can setup PPTP/VPN server and this eliminates need of using NAT.

Hi all.

I'm trying to set up one of my Unix machines at home so I can access my stuff there via SMB from the Internet at large (read: from Windows-using clients').

I'm behind two NATting devices-- the lame-p Prestige DSL modem provided by Sprint DSL (a.k.a. Earthlink?) and a more typical home DSL/cable gateway device.

I've poked holes in BOTH of these devices on ports 137, 138, 139 AND 445. Only port 139 actually responds to TCP connections (well, only port 139 accepts a telnet, even from localhost.

See:

--
-bash-2.05b# telnet localhost 137
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
-bash-2.05b# telnet localhost 138
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
-bash-2.05b# telnet localhost 139
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> close
Connection closed.
-bash-2.05b# telnet localhost 445
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
--

It should go without saying that this machine's Samba shares work PERFECTLY WELL within the LAN. ;)

Now, from the outside, I can telnet to port 139 on the machine just fine, through both NAT devices. However, when I go Start, Run, \\x.y.z.a\sharename (where "x.y.z.a" is the IP address-- not the FQDN-- of the machine), Windows vomits up this unhelpful message:

--
\\x.y.z.a\sharename
The specified network name is no longer available.
--

See:

http://jlb.twu.net/tmp/unhelpful.png

Any ideas? The client machine runs Windows 2000 Pro.

--
J. L. Blank, Systems Administrator, twu.net
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
On Wed, 9 Feb 2005, Paul Gienger wrote:

> >You're confusing the sides of the firewall.
> >The restrictive security policies are on the side of the clients I work
> >for. THEIR firewalls are often quite restrictive.
> >
> >
> Ok, I've almost responded at least a couple times, but this is getting
> ludicrous now. If they're restrictive on their side, then how the hell
> do you plan on getting out with your traffic???

Why would they restrict OUTGOING SMB/CIFS traffic?

>
> Besides that, I'd be really surprised if this connection would work at
> all with the sheer number of different networks you'd be crossing, any
> number of which are filtering for smb ported traffic. Most consumer
> grade ISPs filter for all these ports, the one you run your mail server
> on seems to, or at least your server is filtered. Our firewalls will
> allow just about anything out, but not smb because it's just wrong. I
> believe some of these ports talk back to you also, at least 445, so
> you're probably not going to get back with the corresponding channel,
> much like non-passive ftp.
>
> >The other side of the equation is my box at home, which has no such
> >policy.
> >
> >
> Who is your ISP? I'd love a no-rules account with them.
>

I mean they don't seem to filter things, or at least not that I've found.

> >>>I even concocted a zero-install CygWin workalike and
> >>>keep it on my keychain USB drive...
> >>>
> >>>
> Do you have nmap? try and portscan your home box and see if you get the
> ports... it will tell you if you're getting filtered or not. I'm
> guessing this is the case
>

[EMAIL PROTECTED] bar]# nmap baz.fnord.net -sT

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on x.big-isp.net (x.y.z.a):
(The 1593 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     filtered    telnet
25/tcp     open        smtp
80/tcp     open        http
139/tcp    open        netbios-ssn
443/tcp    open        https
8080/tcp   open        http-proxy

Nmap run completed -- 1 IP address (1 host up) scanned in 16 seconds
[EMAIL PROTECTED] bar]#

Does that answer your question?

> --
> --
> Paul Gienger                     Office: 701-281-1884
> Applied Engineering Inc.
> Systems Architect                Fax:    701-281-1322
> URL: www.ae-solutions.com        mailto: [EMAIL PROTECTED]
>
>
>

--
J. L. Blank, Systems Administrator, twu.net
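Added example, not part of the original thread: a small Python reader for the scan output quoted in the message above that reports the state of the four NetBIOS/SMB ports named in the thread. It assumes nmap's plain-text output as shown there and that `-sT` covered TCP only, so 137/udp and 138/udp come back as not tested; the function names are hypothetical.

```python
import re

# NetBIOS/SMB services named in the thread and the transport each one uses.
SMB_SERVICES = {
    (137, "udp"): "NetBIOS name service",
    (138, "udp"): "NetBIOS datagram service",
    (139, "tcp"): "NetBIOS session service (SMB over NetBIOS)",
    (445, "tcp"): "SMB directly over TCP",
}

# Constructed sample: the scan from the message above with its column
# spacing restored; host names are the placeholders used in the thread.
SAMPLE_SCAN = """\
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on x.big-isp.net (x.y.z.a):
(The 1593 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     filtered    telnet
25/tcp     open        smtp
80/tcp     open        http
139/tcp    open        netbios-ssn
443/tcp    open        https
8080/tcp   open        http-proxy
Nmap run completed -- 1 IP address (1 host up) scanned in 16 seconds
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(open|filtered|closed)\s+\S+$")
DEFAULT_STATE = re.compile(r"not shown below are in state: (\w+)")


def parse_scan(text):
    """Return ({(port, proto): state}, state of the ports nmap left unlisted)."""
    listed, default = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DEFAULT_STATE.search(line)
        if m:
            default = m.group(1)
            continue
        m = PORT_LINE.match(line)
        if m:
            listed[(int(m.group(1)), m.group(2))] = m.group(3)
    return listed, default


def smb_exposure(text, scanned_protocols=("tcp",)):
    """Classify each SMB-related port as open/filtered/closed/not-tested.

    scanned_protocols defaults to TCP only because -sT is a TCP connect
    scan. Assumption: the SMB ports were inside the scanned range, so a
    port missing from the listing takes the default state nmap reports.
    """
    listed, default = parse_scan(text)
    report = {}
    for (port, proto) in SMB_SERVICES:
        if proto not in scanned_protocols:
            # A TCP-only probe says nothing about a UDP service.
            report[(port, proto)] = "not-tested"
        else:
            report[(port, proto)] = listed.get((port, proto), default or "unknown")
    return report


def reachable(report):
    """SMB-related ports the scan shows as reachable from outside."""
    return sorted(key for key, state in report.items() if state == "open")


if __name__ == "__main__":
    report = smb_exposure(SAMPLE_SCAN)
    for (port, proto), state in sorted(report.items()):
        print(f"{port}/{proto:<4} {state:<11} {SMB_SERVICES[(port, proto)]}")
```

The same reading applies to the telnet checks earlier in the thread: telnet opens TCP connections, so a refusal on 137 or 138 says nothing about the UDP services that use those port numbers.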
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
>You're confusing the sides of the firewall.
>The restrictive security policies are on the side of the clients I work
>for. THEIR firewalls are often quite restrictive.

Ok, I've almost responded at least a couple times, but this is getting
ludicrous now. If they're restrictive on their side, then how the hell
do you plan on getting out with your traffic???

Besides that, I'd be really surprised if this connection would work at
all with the sheer number of different networks you'd be crossing, any
number of which are filtering for smb ported traffic. Most consumer
grade ISPs filter for all these ports, the one you run your mail server
on seems to, or at least your server is filtered. Our firewalls will
allow just about anything out, but not smb because it's just wrong. I
believe some of these ports talk back to you also, at least 445, so
you're probably not going to get back with the corresponding channel,
much like non-passive ftp.

>The other side of the equation is my box at home, which has no such
>policy.

Who is your ISP? I'd love a no-rules account with them.

>>>I even concocted a zero-install CygWin workalike and
>>>keep it on my keychain USB drive...

Do you have nmap? try and portscan your home box and see if you get the
ports... it will tell you if you're getting filtered or not. I'm
guessing this is the case

--
--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.
Systems Architect                Fax:    701-281-1322
URL: www.ae-solutions.com        mailto: [EMAIL PROTECTED]
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
On Wed, 9 Feb 2005, Jörn Nettingsmeier wrote:

> > The chance of any random joker stumbling upon a dynamically allocated IP
> > and h4x0ring into a password-protected share on a SPARC64 machine running
> > OpenBSD with a recent version of Samba is
> >
> > slim.
>
> maybe, but this is such an abysmal solution that you should just forget
> about it. how can somebody both geeky and security-conscious enough to
> run openbsd on a 64bit sparc even consider letting smb traffic out on
> the internet

Because I don't keep anything private on the share I'd be allowing out?

Because I won't be flinging around private files even if I did have the
private files there (and the filenames themselves contain nothing
incriminating, even among my personal stuff)?

Because the chance of someone sitting there with a packet sniffer between
Joe Windows-using Client and my home box, watching for my personal shite
is VERY slim?

Because, as noted earlier, the chance of someone 0wning my SPARC64/OpenBSD
box, with its recent version of Samba, REGARDLESS of how many SMB ports I
open, is quite slim?

Because the convenience I would gain (i.e. being able to access
work-related files, MP3s, etc. without circumventing or bending ANY
corporate "thou shalt not install anything" policies) would outweigh any
minuscule risks?

> >>Spend a little time and set up a vpn endpoint on your box and just
> >>forward the necessary ports over, i think openvpn is 5000. You'll be
> >>much happier, sane, and protected as such.
> >
> > And I will make use of this on client machines with strict "Thou Shalt Not
> > Install any Unauthorized Software" policies... how?
>
> wait. you have such a restrictive security policy (which you are
> obviously willing to respect), and at the same time you want to bypass
> the most basic security precautions by tunnelling the living shit out of
> the firewall and having unprotected smb over the internet?
> sorry, but this does not make sense at all.

You're confusing the sides of the firewall.
The restrictive security policies are on the side of the clients I work
for. THEIR firewalls are often quite restrictive.

The other side of the equation is my box at home, which has no such
policy.

> > I've already set up zero-install Web-based telnet, zero-install Web-based
> > MP3 players... I even concocted a zero-install CygWin workalike and
> > keep it on my keychain USB drive...
>
> just keep putty and winscp on your keychain as well.

Why do that, and leave suspicious entries in the run history, when you can
do it right in the browser?

> > now I need a zero-install way to
> > access my files via Windows machines. And that means SMB. NOT OpenVPN,
> > OpenSSH, OpenVMS or any other "Open".
>
> talk to the guy who enforces the security policy at your site. this
> should be worked out in a sane fashion, and your network admin will
> benefit as well by not having to cope with rogue tunnels and other weird
> stuff.

I temp. I'm often at a client for one or two days. Not enough time to gain
a rapport with the network person (who is often an idiot MCSE-type), much
less to actually get him/her to work around the policy.

> i mean, you are a sysadmin too. if you say "no" to something on your
> networks, you want that to mean "no", don't you?

I don't generally say "no", except where it's something possibly
incriminating.

> i have a policy here that people can use tunnels if they must, but i
> require *notification* and want to give the users a quick run-down on
> what not to do (anybody seen those funny ssh tunnels on port 25 with the
> open-to-the-world switch on ? great fun indeed. "oh, i thought it's ok
> since everything is encrypted, right?")

--
J. L. Blank, Systems Administrator, twu.net
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
So am I correct in assuming nobody has any further suggestions?

Is there at least a way to get the damned thing to LOG PROPERLY?

Is there a way to talk "raw SMB" by telnetting into the port and typing,
like how one can speak "raw SMTP" by telnetting to port 25?

I need a way of diagnosing the problem. Is there a simple Perl script out
somewhere that simply attempts to connect to a SMB/CIFS share and returns
detailed information on what's going on?

E.g.:

> Trying to connect to 1.2.3.4 on port 139...
> SUCCESS
>
> Trying to query list of shares...
> SUCCESS
>
> Trying to connect to share FOO...
> FAILED; error code returned is 862 ("Bad Foo or Bar")

I need a way to DIAGNOSE this problem.

On Wed, 9 Feb 2005, JLB wrote:

> Date: Wed, 9 Feb 2005 10:20:09 -0500 (EST)
> From: JLB <[EMAIL PROTECTED]>
> To: Aaron J. Zirbes <[EMAIL PROTECTED]>
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Firewall piercing - The Specified network name is no
> longer available.
>
> On Wed, 9 Feb 2005, Aaron J. Zirbes wrote:
>
> > Date: Wed, 09 Feb 2005 09:16:46 -0600
> > From: Aaron J. Zirbes <[EMAIL PROTECTED]>
> > To: JLB <[EMAIL PROTECTED]>
> > Cc: samba@lists.samba.org
> > Subject: Re: [Samba] Firewall piercing - The Specified network name is no
> > longer available.
> >
> > JLB wrote:
> > > I've already set up zero-install Web-based telnet, zero-install Web-based
> > > MP3 players... I even concocted a zero-install CygWin workalike and
> > > keep it on my keychain USB drive... now I need a zero-install way to
> > > access my files via Windows machines. And that means SMB. NOT OpenVPN,
> > > OpenSSH, OpenVMS or any other "Open".
> >
> > WinSCP is a MUCH better way to go for this type of thing. ...And it can
> > be zero-install.
> >
> > FYI, this will need to connect to an SSH server,
>
> ...I know what WinSCP is, and I certainly know how it works ;)
>
> > and if you're running
> > OpenBSD... (one of the Opens... hehe) it will probably be via
> > OpenSSH... (another "Open")
> >
> > b.t.w., I'm also curious why you threw that "OpenVMS" in there with
> > OpenSSH and OpenVPN? OpenVMS is an operating system typically run on
> > Digital hardware.
>
> Just because it began with "Open" and ended in a three-letter acronym. Had
> I been able to think of another, fourth such word, I would have tossed it
> in as well ;)
>
> > P.S. If you don't want any "Open" software, may I ask why you are
> > running OpenBSD?
>
> It was merely a play on words.
> I happen to LIKE the "Open" software.
> However, typical Windows-running people (who get skittish enough when you
> simply open a command prompt window, thinking you're "hacking") make my
> job more difficult by creating a situation in which things go much more
> smoothly when I don't have to install ANYTHING, much less some open-source
> software that'll creep them out.
>
> (N.b. in some situations, installing open-source/free software on Windows
> boxes run by F/OSS-phobic Windows types makes a lot more sense than NOT
> doing so... e.g. I am about to half-heartedly start a project for people
> to install FireFox on Windows users' computers, sometimes without their
> knowledge, but that's due to the impact of spambot-infested Windows boxes
> on the Internet at large, and the global impact of productivity lost to
> the slowdowns caused by spyware)
>
> > --
> > Aaron Zirbes
> > Systems Administrator
> > Environmental Health Sciences
> > University of Minnesota
> >
> > JLB wrote:
> > > On Wed, 9 Feb 2005, Paul Gienger wrote:
> > >
> > >>Date: Wed, 09 Feb 2005 08:54:57 -0600
> > >>From: Paul Gienger <[EMAIL PROTECTED]>
> > >>To: JLB <[EMAIL PROTECTED]>
> > >>Cc: samba@lists.samba.org
> > >>Subject: Re: [Samba] Firewall piercing - The Specified network name is no
> > >>longer available.
> > >>
> > >>>I'm trying to set up one of my Unix machines at home so I can access my
> > >>>stuff there via SMB from the Internet at large (read: from Windows-using
> > >>>clients').
> > >>
> > >>Are you saying that you're trying to allow access from 'random internet
> > >>user'(which is probably you) directly to y
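The first two stages of the staged report asked for in the message above can be checked with a short script. This is an added example, not part of the original thread: it opens the TCP connection, sends the RFC 1002 NetBIOS session request that a client issues on port 139 before any SMB traffic, and decodes the reply. The called name `*SMBSERVER` and the calling name `DIAG` are assumptions chosen for the illustration; the script stops before SMB negotiation and share access.

```python
"""Staged check of the NetBIOS session service on TCP 139 (RFC 1002, section 4.3)."""
import socket
import struct
import sys

# Session packet types
SESSION_REQUEST, POSITIVE, NEGATIVE, RETARGET = 0x81, 0x82, 0x83, 0x84

# Error codes carried in a negative session response
NEGATIVE_REASONS = {
    0x80: "Not listening on called name",
    0x81: "Not listening for calling name",
    0x82: "Called name not present",
    0x83: "Called name present, but insufficient resources",
    0x8F: "Unspecified error",
}


def encode_netbios_name(name, suffix):
    """First-level encoding: 15 padded chars plus suffix byte, one letter per nibble."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    out = bytearray()
    for byte in raw:
        out += bytes([0x41 + (byte >> 4), 0x41 + (byte & 0x0F)])
    return b"\x20" + bytes(out) + b"\x00"  # label length 32, name, root label


def build_session_request(called="*SMBSERVER", calling="DIAG"):
    """Called name gets suffix 0x20 (file server), calling name 0x00 (workstation)."""
    payload = encode_netbios_name(called, 0x20) + encode_netbios_name(calling, 0x00)
    return struct.pack(">BBH", SESSION_REQUEST, 0, len(payload)) + payload


def recv_exact(sock, count):
    """Read up to count bytes, returning short only if the peer closes."""
    buf = b""
    while len(buf) < count:
        chunk = sock.recv(count - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def parse_session_response(header, body):
    """Map a session-service reply to a (verdict, detail) pair."""
    ptype = header[0]
    if ptype == POSITIVE:
        return ("accepted", "session established")
    if ptype == NEGATIVE:
        code = body[0] if body else None
        return ("rejected", NEGATIVE_REASONS.get(code, "unlisted error code"))
    if ptype == RETARGET and len(body) >= 6:
        port = struct.unpack(">H", body[4:6])[0]
        return ("retarget", "%s:%d" % (socket.inet_ntoa(body[:4]), port))
    return ("unexpected", "packet type 0x%02x" % ptype)


def session_exchange(sock, called="*SMBSERVER"):
    """Send the session request on a connected socket and decode the answer."""
    sock.sendall(build_session_request(called))
    header = recv_exact(sock, 4)
    if len(header) < 4:
        return ("closed", "peer closed the connection before answering")
    # The 16-bit length is enough here: session replies are a few bytes long.
    body = recv_exact(sock, struct.unpack(">H", header[2:4])[0])
    return parse_session_response(header, body)


def probe(host, port=139, timeout=5.0, called="*SMBSERVER"):
    """Return [(stage, ok, detail), ...] for the TCP and NetBIOS session stages."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return [("tcp connect", False, str(exc))]
    steps = [("tcp connect", True, "%s:%d" % (host, port))]
    try:
        with sock:
            verdict, detail = session_exchange(sock, called)
    except OSError as exc:  # reset or timeout after the TCP handshake
        verdict, detail = "error", str(exc)
    steps.append(("netbios session request", verdict == "accepted",
                  "%s: %s" % (verdict, detail)))
    return steps


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: nbss_probe.py HOST")
    for stage, ok, detail in probe(sys.argv[1]):
        print("%-26s %s  %s" % (stage, "SUCCESS" if ok else "FAILED", detail))
```

A TCP connect that succeeds while the session stage reports `closed`, `error` or `rejected` separates a reachable port from a usable session service, which a bare telnet to port 139 cannot do.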
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
On Wed, 9 Feb 2005, Aaron J. Zirbes wrote:

> Date: Wed, 09 Feb 2005 09:16:46 -0600
> From: Aaron J. Zirbes <[EMAIL PROTECTED]>
> To: JLB <[EMAIL PROTECTED]>
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Firewall piercing - The Specified network name is no
> longer available.
>
> JLB wrote:
> > I've already set up zero-install Web-based telnet, zero-install Web-based
> > MP3 players... I even concocted a zero-install CygWin workalike and
> > keep it on my keychain USB drive... now I need a zero-install way to
> > access my files via Windows machines. And that means SMB. NOT OpenVPN,
> > OpenSSH, OpenVMS or any other "Open".
>
> WinSCP is a MUCH better way to go for this type of thing. ...And it can
> be zero-install.
>
> FYI, this will need to connect to an SSH server,

...I know what WinSCP is, and I certainly know how it works ;)

> and if you're running
> OpenBSD... (one of the Opens... hehe) it will probably be via
> OpenSSH... (another "Open")
>
> b.t.w., I'm also curious why you threw that "OpenVMS" in there with
> OpenSSH and OpenVPN? OpenVMS is an operating system typically run on
> Digital hardware.

Just because it began with "Open" and ended in a three-letter acronym. Had
I been able to think of another, fourth such word, I would have tossed it
in as well ;)

> P.S. If you don't want any "Open" software, may I ask why you are
> running OpenBSD?

It was merely a play on words.
I happen to LIKE the "Open" software.
However, typical Windows-running people (who get skittish enough when you
simply open a command prompt window, thinking you're "hacking") make my
job more difficult by creating a situation in which things go much more
smoothly when I don't have to install ANYTHING, much less some open-source
software that'll creep them out.

(N.b. in some situations, installing open-source/free software on Windows
boxes run by F/OSS-phobic Windows types makes a lot more sense than NOT
doing so... e.g. I am about to half-heartedly start a project for people
to install FireFox on Windows users' computers, sometimes without their
knowledge, but that's due to the impact of spambot-infested Windows boxes
on the Internet at large, and the global impact of productivity lost to
the slowdowns caused by spyware)

> --
> Aaron Zirbes
> Systems Administrator
> Environmental Health Sciences
> University of Minnesota
>
> JLB wrote:
> > On Wed, 9 Feb 2005, Paul Gienger wrote:
> >
> >>Date: Wed, 09 Feb 2005 08:54:57 -0600
> >>From: Paul Gienger <[EMAIL PROTECTED]>
> >>To: JLB <[EMAIL PROTECTED]>
> >>Cc: samba@lists.samba.org
> >>Subject: Re: [Samba] Firewall piercing - The Specified network name is no
> >>longer available.
> >>
> >>>I'm trying to set up one of my Unix machines at home so I can access my
> >>>stuff there via SMB from the Internet at large (read: from Windows-using
> >>>clients').
> >>
> >>Are you saying that you're trying to allow access from 'random internet
> >>user'(which is probably you) directly to your samba machine? You will
> >>have problems with this if it is what you're doing.
> >>
> >>1. because you may have a default filter on your firewalls that block it
> >>from traversing, although I think most sane manufacturers took this rule
> >>off now
> >
> > I already poked and prodded at all such filters. They seem off now.
> >
> >>2. because your ISP probably blocks/filters those ports.
> >
> > They don't.
> >
> >>3. because it's a Bad Thing (TM)(R)(C)
> >
> > The chance of any random joker stumbling upon a dynamically allocated IP
> > and h4x0ring into a password-protected share on a SPARC64 machine running
> > OpenBSD with a recent version of Samba is
> >
> > slim.
> >
> >>Spend a little time and set up a vpn endpoint on your box and just
> >>forward the necessary ports over, i think openvpn is 5000. You'll be
> >>much happier, sane, and protected as such.
> >
> > And I will make use of this on client machines with strict "Thou Shalt Not
> > Install any Unauthorized Software" policies... how?
> >
> > I've already set up zero-install Web-based telnet, zero-install Web-based
> > MP3 players... I even concocted a zero-install CygWin workalike and
>
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
JLB wrote:
> I've already set up zero-install Web-based telnet, zero-install Web-based
> MP3 players... I even concocted a zero-install CygWin workalike and
> keep it on my keychain USB drive... now I need a zero-install way to
> access my files via Windows machines. And that means SMB. NOT OpenVPN,
> OpenSSH, OpenVMS or any other "Open".

WinSCP is a MUCH better way to go for this type of thing. ...And it can
be zero-install.

FYI, this will need to connect to an SSH server, and if you're running
OpenBSD... (one of the Opens... hehe) it will probably be via
OpenSSH... (another "Open")

b.t.w., I'm also curious why you threw that "OpenVMS" in there with
OpenSSH and OpenVPN? OpenVMS is an operating system typically run on
Digital hardware.

P.S. If you don't want any "Open" software, may I ask why you are
running OpenBSD?

--
Aaron Zirbes
Systems Administrator
Environmental Health Sciences
University of Minnesota

JLB wrote:
> On Wed, 9 Feb 2005, Paul Gienger wrote:
>
>>Date: Wed, 09 Feb 2005 08:54:57 -0600
>>From: Paul Gienger <[EMAIL PROTECTED]>
>>To: JLB <[EMAIL PROTECTED]>
>>Cc: samba@lists.samba.org
>>Subject: Re: [Samba] Firewall piercing - The Specified network name is no
>>longer available.
>>
>>>I'm trying to set up one of my Unix machines at home so I can access my
>>>stuff there via SMB from the Internet at large (read: from Windows-using
>>>clients').
>>
>>Are you saying that you're trying to allow access from 'random internet
>>user'(which is probably you) directly to your samba machine? You will
>>have problems with this if it is what you're doing.
>>
>>1. because you may have a default filter on your firewalls that block it
>>from traversing, although I think most sane manufacturers took this rule
>>off now
>
> I already poked and prodded at all such filters. They seem off now.
>
>>2. because your ISP probably blocks/filters those ports.
>
> They don't.
>
>>3. because it's a Bad Thing (TM)(R)(C)
>
> The chance of any random joker stumbling upon a dynamically allocated IP
> and h4x0ring into a password-protected share on a SPARC64 machine running
> OpenBSD with a recent version of Samba is
>
> slim.
>
>>Spend a little time and set up a vpn endpoint on your box and just
>>forward the necessary ports over, i think openvpn is 5000. You'll be
>>much happier, sane, and protected as such.
>
> And I will make use of this on client machines with strict "Thou Shalt Not
> Install any Unauthorized Software" policies... how?
>
> I've already set up zero-install Web-based telnet, zero-install Web-based
> MP3 players... I even concocted a zero-install CygWin workalike and
> keep it on my keychain USB drive... now I need a zero-install way to
> access my files via Windows machines. And that means SMB. NOT OpenVPN,
> OpenSSH, OpenVMS or any other "Open".
>
>>>I'm behind two NATting devices-- the lame-p Prestige DSL modem provided by
>>>Sprint DSL (a.k.a. Earthlink?) and a more typical home DSL/cable gateway
>>>device.
>>>
>>>I've poked holes in BOTH of these devices on ports 137, 138, 139 AND 445.
>>>Only port 139 actually responds to TCP connections (well, only port 139
>>>accepts a telnet, even from localhost.
>>>
>>>See:
>>>
>>>--
>>>-bash-2.05b# telnet localhost 137
>>>Trying ::1...
>>>telnet: connect to address ::1: Connection refused
>>>Trying 127.0.0.1...
>>>telnet: connect to address 127.0.0.1: Connection refused
>>>-bash-2.05b# telnet localhost 138
>>>Trying ::1...
>>>telnet: connect to address ::1: Connection refused
>>>Trying 127.0.0.1...
>>>telnet: connect to address 127.0.0.1: Connection refused
>>>-bash-2.05b# telnet localhost 139
>>>Trying ::1...
>>>telnet: connect to address ::1: Connection refused
>>>Trying 127.0.0.1...
>>>Connected to localhost.
>>>Escape character is '^]'.
>>>^]
>>>telnet> close
>>>Connection closed.
>>>-bash-2.05b# telnet localhost 445
>>>Trying ::1...
>>>telnet: connect to address ::1: Connection refused
>>>Trying 127.0.0.1...
>>>telnet: connect to address 127.0.0.1: Connection refused
>>>--
>>>
>>>It should go without saying that this machine's Samba shares work
>>>PERFECTLY WELL within the LAN. ;)
>>>
>>>Now, from the outside, I can telnet to port 139 on the machine just fine,
>>>through both NAT devices. However, when I go Start, Run,
>>>\\x.y.z.a\sharename (where "x.y.z.a" is the IP address-- not the FQDN-- of
>>>the machine), Windows vomits up this unhelpful message:
>>>
>>>--
>>>\\x.y.z.a\sharename
>>>The specified network name is no longer available.
>>>--
>>>
>>>See:
>>>
>>>http://jlb.twu.net/tmp/unhelpful.png
>>>
>>>Any ideas? The client machine runs Windows 2000 Pro.
>>>
>>>--
>>>J. L. Blank, Systems Administrator, twu.net
>>
>>--
>>--
>>Paul Gienger                     Office: 701-281-1884
>>Applied Engineering Inc.
>>Systems Architect                Fax:    701-281-1322
>>URL: www.ae-solution
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
On Wed, 9 Feb 2005, Paul Gienger wrote:

> Date: Wed, 09 Feb 2005 08:54:57 -0600
> From: Paul Gienger <[EMAIL PROTECTED]>
> To: JLB <[EMAIL PROTECTED]>
> Cc: samba@lists.samba.org
> Subject: Re: [Samba] Firewall piercing - The Specified network name is no
> longer available.
>
> >I'm trying to set up one of my Unix machines at home so I can access my
> >stuff there via SMB from the Internet at large (read: from Windows-using
> >clients').
> >
> Are you saying that you're trying to allow access from 'random internet
> user'(which is probably you) directly to your samba machine? You will
> have problems with this if it is what you're doing.
>
> 1. because you may have a default filter on your firewalls that block it
> from traversing, although I think most sane manufacturers took this rule
> off now

I already poked and prodded at all such filters. They seem off now.

> 2. because your ISP probably blocks/filters those ports.

They don't.

> 3. because it's a Bad Thing (TM)(R)(C)

The chance of any random joker stumbling upon a dynamically allocated IP
and h4x0ring into a password-protected share on a SPARC64 machine running
OpenBSD with a recent version of Samba is

slim.

> Spend a little time and set up a vpn endpoint on your box and just
> forward the necessary ports over, i think openvpn is 5000. You'll be
> much happier, sane, and protected as such.

And I will make use of this on client machines with strict "Thou Shalt Not
Install any Unauthorized Software" policies... how?

I've already set up zero-install Web-based telnet, zero-install Web-based
MP3 players... I even concocted a zero-install CygWin workalike and
keep it on my keychain USB drive... now I need a zero-install way to
access my files via Windows machines. And that means SMB. NOT OpenVPN,
OpenSSH, OpenVMS or any other "Open".

> >I'm behind two NATting devices-- the lame-p Prestige DSL modem provided by
> >Sprint DSL (a.k.a. Earthlink?) and a more typical home DSL/cable gateway
> >device.
> >
> >I've poked holes in BOTH of these devices on ports 137, 138, 139 AND 445.
> >Only port 139 actually responds to TCP connections (well, only port 139
> >accepts a telnet, even from localhost.
> >
> >See:
> >
> >--
> >-bash-2.05b# telnet localhost 137
> >Trying ::1...
> >telnet: connect to address ::1: Connection refused
> >Trying 127.0.0.1...
> >telnet: connect to address 127.0.0.1: Connection refused
> >-bash-2.05b# telnet localhost 138
> >Trying ::1...
> >telnet: connect to address ::1: Connection refused
> >Trying 127.0.0.1...
> >telnet: connect to address 127.0.0.1: Connection refused
> >-bash-2.05b# telnet localhost 139
> >Trying ::1...
> >telnet: connect to address ::1: Connection refused
> >Trying 127.0.0.1...
> >Connected to localhost.
> >Escape character is '^]'.
> >^]
> >telnet> close
> >Connection closed.
> >-bash-2.05b# telnet localhost 445
> >Trying ::1...
> >telnet: connect to address ::1: Connection refused
> >Trying 127.0.0.1...
> >telnet: connect to address 127.0.0.1: Connection refused
> >--
> >
> >It should go without saying that this machine's Samba shares work
> >PERFECTLY WELL within the LAN. ;)
> >
> >Now, from the outside, I can telnet to port 139 on the machine just fine,
> >through both NAT devices. However, when I go Start, Run,
> >\\x.y.z.a\sharename (where "x.y.z.a" is the IP address-- not the FQDN-- of
> >the machine), Windows vomits up this unhelpful message:
> >
> >--
> >\\x.y.z.a\sharename
> >The specified network name is no longer available.
> >--
> >
> >See:
> >
> >http://jlb.twu.net/tmp/unhelpful.png
> >
> >Any ideas? The client machine runs Windows 2000 Pro.
> >
> >--
> >J. L. Blank, Systems Administrator, twu.net
>
> --
> --
> Paul Gienger                     Office: 701-281-1884
> Applied Engineering Inc.
> Systems Architect                Fax:    701-281-1322
> URL: www.ae-solutions.com        mailto: [EMAIL PROTECTED]

--
J. L. Blank, Systems Administrator, twu.net
Re: [Samba] Firewall piercing - The Specified network name is no longer available.
>I'm trying to set up one of my Unix machines at home so I can access my
>stuff there via SMB from the Internet at large (read: from Windows-using
>clients').

Are you saying that you're trying to allow access from 'random internet
user'(which is probably you) directly to your samba machine? You will
have problems with this if it is what you're doing.

1. because you may have a default filter on your firewalls that block it
from traversing, although I think most sane manufacturers took this rule
off now
2. because your ISP probably blocks/filters those ports.
3. because it's a Bad Thing (TM)(R)(C)

Spend a little time and set up a vpn endpoint on your box and just
forward the necessary ports over, i think openvpn is 5000. You'll be
much happier, sane, and protected as such.

>I'm behind two NATting devices-- the lame-p Prestige DSL modem provided by
>Sprint DSL (a.k.a. Earthlink?) and a more typical home DSL/cable gateway
>device.
>
>I've poked holes in BOTH of these devices on ports 137, 138, 139 AND 445.
>Only port 139 actually responds to TCP connections (well, only port 139
>accepts a telnet, even from localhost.
>
>See:
>
>--
>-bash-2.05b# telnet localhost 137
>Trying ::1...
>telnet: connect to address ::1: Connection refused
>Trying 127.0.0.1...
>telnet: connect to address 127.0.0.1: Connection refused
>-bash-2.05b# telnet localhost 138
>Trying ::1...
>telnet: connect to address ::1: Connection refused
>Trying 127.0.0.1...
>telnet: connect to address 127.0.0.1: Connection refused
>-bash-2.05b# telnet localhost 139
>Trying ::1...
>telnet: connect to address ::1: Connection refused
>Trying 127.0.0.1...
>Connected to localhost.
>Escape character is '^]'.
>^]
>telnet> close
>Connection closed.
>-bash-2.05b# telnet localhost 445
>Trying ::1...
>telnet: connect to address ::1: Connection refused
>Trying 127.0.0.1...
>telnet: connect to address 127.0.0.1: Connection refused
>--
>
>It should go without saying that this machine's Samba shares work
>PERFECTLY WELL within the LAN. ;)
>
>Now, from the outside, I can telnet to port 139 on the machine just fine,
>through both NAT devices. However, when I go Start, Run,
>\\x.y.z.a\sharename (where "x.y.z.a" is the IP address-- not the FQDN-- of
>the machine), Windows vomits up this unhelpful message:
>
>--
>\\x.y.z.a\sharename
>The specified network name is no longer available.
>--
>
>See:
>
>http://jlb.twu.net/tmp/unhelpful.png
>
>Any ideas? The client machine runs Windows 2000 Pro.
>
>--
>J. L. Blank, Systems Administrator, twu.net

--
--
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.
Systems Architect                Fax:    701-281-1322
URL: www.ae-solutions.com        mailto: [EMAIL PROTECTED]
[Samba] Firewall piercing - The Specified network name is no longer available.
Hi all.

I'm trying to set up one of my Unix machines at home so I can access my
stuff there via SMB from the Internet at large (read: from Windows-using
clients').

I'm behind two NATting devices-- the lame-p Prestige DSL modem provided by
Sprint DSL (a.k.a. Earthlink?) and a more typical home DSL/cable gateway
device.

I've poked holes in BOTH of these devices on ports 137, 138, 139 AND 445.
Only port 139 actually responds to TCP connections (well, only port 139
accepts a telnet, even from localhost.

See:

--
-bash-2.05b# telnet localhost 137
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
-bash-2.05b# telnet localhost 138
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
-bash-2.05b# telnet localhost 139
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> close
Connection closed.
-bash-2.05b# telnet localhost 445
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
--

It should go without saying that this machine's Samba shares work
PERFECTLY WELL within the LAN. ;)

Now, from the outside, I can telnet to port 139 on the machine just fine,
through both NAT devices. However, when I go Start, Run,
\\x.y.z.a\sharename (where "x.y.z.a" is the IP address-- not the FQDN-- of
the machine), Windows vomits up this unhelpful message:

--
\\x.y.z.a\sharename
The specified network name is no longer available.
--

See:

http://jlb.twu.net/tmp/unhelpful.png

Any ideas? The client machine runs Windows 2000 Pro.

--
J. L. Blank, Systems Administrator, twu.net