|Samba over the internet|
I'm trying to set up a Samba server so that it can be accessed via internet from a WinXP machine. I can connect from an XP machine on the same network, but cannot from outside. Any suggestions as to what to try?
Is there a firewall between the machines?
Are you trying to access the server by name or by ip address (\\a.b.c.d\sharename or \\hostname\sharename)?
Neither name nor ip address works. Win explorer sits and hums for a while and then tells me that it can't be found. There is a router, but the server is listed as the DMZ for that router and I can connect to other things on that server - SSH, RSYNC, Webmin, FTP, HTTPD (before I turned it off).
Can you view the shares on the Samba server? (net view \\a.b.c.d)?
Is authentication required for connections? Have you tried turning this off in smb.conf to see if it makes any difference? ("Public = yes", in which case "Read only = yes", and having only a dummy share configured might be a good idea from a security PoV)
Have you looked in the Samba log files to see if it shows anything? You can turn up the logging in smb.conf using the "log level = X" entry, where X goes from 0 to 10.
Is there a firewall of any kind on the box running Samba? Are you using hosts.allow and/or hosts.deny?
Did you compile Samba yourself, or was a prebuilt version supplied with the *nix distribution?
If you're on a broadband connection, it's possible that your ISP may be blocking certain ports (137-139 and 445 are the ones to check).
Finally, have you tried putting a Windows box (XP or Server) in place of the Samba server and seeing if you can connect to that?
Thanks for putting a list of things to check in one place. I've been looking all over the internet and have been trying things fairly sporadically.
I am using the Samba that came with the distribution, I didn't compile it myself.
How can I check to see if those port are blocked? If they are, how can I change what ports are used?
|How can I check to see if those port are blocked? |
Make sure you Samba server is up and running, then request a full port scan from somewhere like GRC's Shields Up [grc.com]
|If they are, how can I change what ports are used? |
I could be wrong, but I don't think you can change this easily, since a remote Windows client has no means to specify the port when it is connecting. The client just does "net use \\a.b.c.d\share", there's no "net use \\a.b.c.d:<port>\share" syntax that I'm aware of.
If you need remote access to a Samba or Windows share, I think you should be looking at a VPN rather than exposing Samba/Windows shares directly to the internet. The ports in question (139 and 445) are very frequently probed/attacked - see DShield [dshield.org] for more info.
Most likely your ISP is also blocking incoming port 139. There is no reason anymore for ISPs to permit that kind of traffic over its network. For example, I believe Telus in Canada started blocking port 139 sometime in 2004, to help prevent outbreaks of viruses and worms.
hope that saves you some trouble. You may want to look into other alternatives, maybe even something like tunnelling netbios through ssh? ( [lists.samba.org...] )