# Samba via Internet

## T0M3K

I got a Verizon DSL upload upgrade, so I want to use this upload for something.

My friend and I have lots of data, shared on individual networks by Samba. He has BSD, I have Gentoo. Is there a safe way to make a secure and fast connection between those servers?

----------

## nobspangle

You may be able to tunnel the SMB connection over SSH (not quite sure which ports you need though), or you could set up some sort of VPN.

----------

## T0M3K

I think the port needed is 135 or 139, I always confuse both of them.

The SSH sounds like a good idea. Only one port open and it's secure.

I only wonder how to do it.

----------

## davidblewett

Do a Google search for SSH and Port Forwarding. Basically, you want to create the SSH tunnel to the other machine, then forward all requests to a pre-determined local port to the other machine's Samba port. This way, all traffic from the local port and remote Samba port goes over the SSH tunnel. I use this method to securely transmit email over IMAP without having to configure imap-ssl or even allowing IMAP access to the outside world. You can also use Squid, and be able to surf the internet from anywhere with all the traffic going over the SSH tunnel. Effectively cuts out any monitoring of web traffic.

----------

## nobspangle

http://hr.uoregon.edu/davidrl/samba.html#ssh

This example is to connect to a Samba server from a Windows client, but I just tested it quickly from one Samba machine to another and it works great.

First stop Samba on one machine, then from that machine:

```
ssh -L 139:localhost:139 ip.of.other.server
```

and you should be able to browse the shares on the other machine. Be warned, it's damn slow.

----------

## T0M3K

I want it to work in two ways, so both servers can share their own files in addition to those transported over SSH. But will there be a conflict if one SMB server is connected to another (via SSH), and will I still be able to share from both of them to my local LAN?

----------

## shagrat

I would say an FTP server would suit your needs better

----------

## nobspangle

*T0M3K wrote:*

> I want it to work in two ways, so both servers can share their own files in addition to those transported over SSH. But will there be a conflict if one SMB server is connected to another (via SSH), and will I still be able to share from both of them to my local LAN?

This is tricky, as Samba and ssh will both be trying to listen on the same port. You could either get ssh to listen on a different port and use some kind of port translation to shift incoming traffic on 139 to the new port, or you could set up some IP aliases and then make Samba listen on one adaptor and ssh on another.
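The second option from the post above (an IP alias, with Samba bound to one address and the ssh forward to another), sketched for a Linux server as an added example that is not part of the original thread. The interface name, both LAN addresses and the remote host are assumed placeholders; the script only prints the steps and checks a listener table, it changes nothing on the system.

```shell
#!/bin/sh
# Added example, not from the thread. All addresses, the interface name and
# the remote host are constructed placeholders.
LAN_IF="eth0"               # assumed LAN interface on server A
SAMBA_IP="192.168.1.10"     # assumed address that local Samba keeps
TUNNEL_IP="192.168.1.11"    # assumed free address, added as an alias for ssh
REMOTE="user@srvb.example"  # placeholder for server B
PORT=139

# Succeeds if the listener table on stdin (format of `ss -ltn`) already has
# a socket that blocks binding IP:PORT: the same address, or an IPv4 wildcard
# bind, which is what smbd does without "bind interfaces only".
conflicts() {
    awk -v ip="$1" -v port="$2" '
        $1 == "LISTEN" && ($4 == (ip ":" port) ||
                           $4 == ("0.0.0.0:" port) ||
                           $4 == ("*:" port)) { hit = 1 }
        END { exit !hit }'
}

# smb.conf [global] lines that pin smbd to its own address.
samba_bind_conf() {
    printf 'interfaces = %s/24\nbind interfaces only = yes\n' "$SAMBA_IP"
}

# Forward bound to the alias only. -N: no remote command. Binding a port
# below 1024 needs root on the local side.
tunnel_cmd() {
    printf 'ssh -N -L %s:%s:localhost:%s %s\n' "$TUNNEL_IP" "$PORT" "$PORT" "$REMOTE"
}

# Print the steps in order; nothing is executed.
plan() {
    echo "ip addr add $TUNNEL_IP/24 dev $LAN_IF"
    samba_bind_conf | sed 's/^/smb.conf [global]: /'
    echo "# restart Samba, then: ss -ltn | conflicts $TUNNEL_IP $PORT must fail"
    tunnel_cmd
}

plan
# Constructed `ss -ltn` line: smbd still bound to every address.
SAMPLE='LISTEN 0 50 0.0.0.0:139 0.0.0.0:*'
printf '%s\n' "$SAMPLE" | conflicts "$TUNNEL_IP" "$PORT" &&
    echo "# conflict: fix smb.conf before starting the tunnel"
```

LAN clients then mount shares from the alias address; Samba's own authentication on the remote server still decides who gets in, since every machine on the LAN can reach the forwarded port.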

----------

## arut8ur

Maybe you can use the new port, microsoft-ds 445/tcp.

Supported for Windows 2000 and Samba x.y.z.

The service on this port connects directly over the TCP stream.

NetBIOS over TCP in MS terminology.

This is better, because it is more connection-oriented and does not need so many ports.

See the Samba documentation for more information.

----------

## jbpros

You may consider using VPN as previously proposed. Two years ago I was using IPsec (freeswan) between three trusted LANs. It was working well but not that easy to implement. Plus you have to consider that IPsec gateways will not see each other on the VPN (correct me if I'm wrong), thus you'll have to use one box more per LAN to handle the IPsec connection.

This solution maybe goes further than what you asked, but it allows a completely transparent implementation of Samba and all other traffic between your LANs.

If some people have more recent ideas about VPN solutions, I'm curious to read them :)

----------

## Fitzsimmons

*shagrat wrote:*

> I would say an FTP server would suit your needs better

I strongly agree.

----------

## davidblewett

SSH can implement SFTP. You can use WinSCP in Windows to connect, or use scp in Linux.

----------

## r.j.hall

If you're both running Unix, just give each other an account on the box and use scp or sftp to transfer files. FTP is not secure and will transmit your passwords in cleartext. If you want to make your two networks connected for other things as well, look at the FreeS/WAN IPsec project for doing gateway-to-gateway encryption:

http://www.linuxsecurity.com/resource_files/cryptography/ipsec-howto/HOWTO.html

You could also look here:

http://www.freeswan.org/

although be aware that the FreeS/WAN project has stopped development.

----------

## Fitzsimmons

You could also tunnel FTP through ssh or use SSL on your FTP (which I have no idea how to set up, but I know it exists). On a two-user basis, however, just use SFTP or SCP.

----------

## georwell

OpenVPN is what you want. Works great using NAT too. Very simple to set up and only takes one port :) I use it all the time so my folks can grab stuff off my machine using Windows networking, even though I am in Sweden and they are in the US.

Just set it to bridge mode and watch its magic. :)

----------

## T0M3K

FTP is out of the question, because it doesn't allow easy browsing and streaming.

I don't want to use FTP on each of the computers on my LAN.

VPN is very interesting. I'll take a look at it.

----------

## Fitzsimmons

*T0M3K wrote:*

> FTP is out of the question, because it doesn't allow easy browsing and streaming.

What do you mean? What is bad about FTP browsing? What is better? What do you mean by streaming?

*T0M3K wrote:*

> I don't want to use FTP on each of the computers on my LAN.

Don't. Mount local samba/nfs/whatever shares to a directory on the FTP server, and then serve that directory over the internet.

----------

## T0M3K

With FTP I cannot open music/video files and use them without downloading them locally first. That's what I mean by streaming.

So let me illustrate it.

```
     LAN A                     LAN B
    -------                   -------
    |SRV A| -INTERNET TUNNEL- |SRV B|
    -------                   -------
     |   |                     |   |
     a1  a2                    b1  b2
```

I want computers a1/a2 to be able to mount shares from SRV B via Samba, and computers b1/b2 to be able to mount shares from SRV A via Samba.

----------

## Fitzsimmons

Actually, I think you could.  You could use sys-fs/lufs.  The reason I say this is because samba is incredibly slow, even over a lan, so it must be horrible over the internet.  FTP is designed to go over the internet and always has been whereas samba is really only capable of going over the net because the same protocol that is used over the net happens to be the same one that is used on lans.  That being said, the VPN would work, but I'm not sure how well.  Is there any point in streaming your videos/music over samba if they just lag?

I'm actually kind of curious, since I have never tried out such a thing.  Therefore, give the VPN a try and report back on the results/speed.  Then you can have ftp or another solution if VPN isn't satisfactory.

----------

## syadnom

Truly, you should use:

ftp : simple and effective, low overhead, can be accessed from literally ANY machine anywhere you want

nfs : nfs is a stable and effective filesystem for internet file transfers. It gives the illusion of being a local directory, except with slower speed

Also, AFS, Coda, and InterMezzo might work for you. You can run any number of these filesystems together to see what's right for you.

----------

