[Samba] Firewall piercing - The Specified network name is no longer available.

Aaron J. Zirbes ajz at cccs.umn.edu
Wed Feb 9 15:16:46 GMT 2005


JLB wrote:
 > I've already set up zero-install Web-based telnet, zero-install Web-based
 > MP3 players... I even concocted a zero-install CygWin workalike and
 > keep it on my keychain USB drive... now I need a zero-install way to
 > access my files via Windows machines. And that means SMB. NOT OpenVPN,
 > OpenSSH, OpenVMS or any other "Open".


WinSCP is a MUCH better way to go for this type of thing.  ...And it can 
be zero-install.

FYI, this will need to connect to an SSH server, and if you're running 
OpenBSD... (one of the Opens... hehe) it will probably be via 
OpenSSH... (another "Open")

b.t.w., I'm also curious why you threw that "OpenVMS" in there with 
OpenSSH and OpenVPN? OpenVMS is an operating system typically run on 
Digital hardware.

P.S.  If you don't want any "Open" software, may I ask why you are 
running OpenBSD?


-- 
Aaron Zirbes
Systems Administrator
Environmental Health Sciences
University of Minnesota


JLB wrote:
> On Wed, 9 Feb 2005, Paul Gienger wrote:
> 
> 
>>Date: Wed, 09 Feb 2005 08:54:57 -0600
>>From: Paul Gienger <pgienger at ae-solutions.com>
>>To: JLB <jlb at twu.net>
>>Cc: samba at lists.samba.org
>>Subject: Re: [Samba] Firewall piercing - The Specified network name is no
>>    longer available.
>>
>>
>>
>>>I'm trying to set up one of my Unix machines at home so I can access my
>>>stuff there via SMB from the Internet at large (read: from Windows-using
>>>clients).
>>>
>>>
>>
>>Are you saying that you're trying to allow access from 'random internet
>>user'(which is probably you) directly to your samba machine?   You will
>>have problems with this if it is what you're doing.
>>
>>1. because you may have a default filter on your firewalls that block it
>>from traversing, although I think most sane manufacturers took this rule
>>off now
> 
> 
> I already poked and prodded at all such filters. They seem off now.
> 
> 
>>2. because your ISP probably blocks/filters those ports.
> 
> 
> They don't.
> 
> 
>>3. because it's a Bad Thing (TM)(R)(C)
> 
> 
> The chance of any random joker stumbling upon a dynamically allocated IP
> and h4x0ring into a password-protected share on a SPARC64 machine running
> OpenBSD with a recent version of Samba is ....
> 
> ....slim.
> 
> 
>>Spend a little time and set up a vpn endpoint on your box and just
>>forward the necessary ports over, I think openvpn is 5000.  You'll be
>>much happier, sane, and protected as such.
> 
> 
> And I will make use of this on client machines with strict "Thou Shalt Not
> Install any Unauthorized Software" policies... how?
> 
> I've already set up zero-install Web-based telnet, zero-install Web-based
> MP3 players... I even concocted a zero-install CygWin workalike and
> keep it on my keychain USB drive... now I need a zero-install way to
> access my files via Windows machines. And that means SMB. NOT OpenVPN,
> OpenSSH, OpenVMS or any other "Open".
> 
> 
>>>I'm behind two NATting devices-- the lame-p Prestige DSL modem provided by
>>>Sprint DSL (a.k.a. Earthlink?) and a more typical home DSL/cable gateway
>>>device.
>>>
>>>I've poked holes in BOTH of these devices on ports 137, 138, 139 AND 445.
>>>Only port 139 actually responds to TCP connections (well, only port 139
>>>accepts a telnet, even from localhost).
>>>
>>>See:
>>>
>>>--------------------------------------------------------------------------
>>>-bash-2.05b# telnet localhost 137
>>>Trying ::1...
>>>telnet: connect to address ::1: Connection refused
>>>Trying 127.0.0.1...
>>>telnet: connect to address 127.0.0.1: Connection refused
>>>-bash-2.05b# telnet localhost 138
>>>Trying ::1...
>>>telnet: connect to address ::1: Connection refused
>>>Trying 127.0.0.1...
>>>telnet: connect to address 127.0.0.1: Connection refused
>>>-bash-2.05b# telnet localhost 139
>>>Trying ::1...
>>>telnet: connect to address ::1: Connection refused
>>>Trying 127.0.0.1...
>>>Connected to localhost.
>>>Escape character is '^]'.
>>>^]
>>>telnet> close
>>>Connection closed.
>>>-bash-2.05b# telnet localhost 445
>>>Trying ::1...
>>>telnet: connect to address ::1: Connection refused
>>>Trying 127.0.0.1...
>>>telnet: connect to address 127.0.0.1: Connection refused
>>>--------------------------------------------------------------------------
>>>
>>>It should go without saying that this machine's Samba shares work
>>>PERFECTLY WELL within the LAN. ;)
>>>
>>>Now, from the outside, I can telnet to port 139 on the machine just fine,
>>>through both NAT devices. However, when I go Start, Run,
>>>\\x.y.z.a\sharename (where "x.y.z.a" is the IP address-- not the FQDN-- of
>>>the machine), Windows vomits up this unhelpful message:
>>>
>>>
>>>--------------------------------------------------
>>>\\x.y.z.a\sharename
>>>The specified network name is no longer available.
>>>--------------------------------------------------
>>>
>>>See:
>>>
>>>http://jlb.twu.net/tmp/unhelpful.png
>>>
>>>Any ideas? The client machine runs Windows 2000 Pro.
>>>
>>>--
>>>J. L. Blank, Systems Administrator, twu.net
>>>
>>>
>>
>>--
>>--
>>Paul Gienger                    Office: 701-281-1884
>>Applied Engineering Inc.
>>Systems Architect               Fax:    701-281-1322
>>URL: www.ae-solutions.com       mailto: pgienger at ae-solutions.com
>>
>>
>>
> 
> 
> --
> J. L. Blank, Systems Administrator, twu.net

-- 
Aaron Zirbes
Systems Administrator
Environmental Health Sciences
University of Minnesota
ajz at umn.edu
612-625-3460
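
Added example, not part of the original messages: a short Python reading of the telnet session quoted above. It assumes only the standard port assignments (137 and 138 are UDP services, 139 and 445 are TCP); the function names and the condensed transcript are constructed for illustration.

```python
import re

# Standard transports for the NetBIOS/SMB ports probed in the thread.
TRANSPORT = {137: "udp", 138: "udp", 139: "tcp", 445: "tcp"}

# Condensed from the session quoted in the thread (IPv6 attempts omitted).
TRANSCRIPT = """\
-bash-2.05b# telnet localhost 137
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
-bash-2.05b# telnet localhost 138
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
-bash-2.05b# telnet localhost 139
Trying 127.0.0.1...
Connected to localhost.
-bash-2.05b# telnet localhost 445
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
"""

def parse_telnet(text):
    """Map each probed port to True if any connection attempt succeeded."""
    results, port = {}, None
    for line in text.splitlines():
        m = re.search(r"#\s*telnet\s+\S+\s+(\d+)\s*$", line)
        if m:
            port = int(m.group(1))
            results[port] = False
        elif port is not None and line.startswith("Connected to"):
            results[port] = True
    return results

def interpret(results):
    """Say what each telnet result does and does not show about the service."""
    notes = {}
    for port, connected in sorted(results.items()):
        proto = TRANSPORT.get(port, "unknown")
        if connected:
            notes[port] = "tcp listener present"
        elif proto == "udp":
            notes[port] = "inconclusive: service is UDP, telnet only tests TCP"
        else:
            notes[port] = "no tcp listener"
    return notes

if __name__ == "__main__":
    for port, note in interpret(parse_telnet(TRANSCRIPT)).items():
        print(port, note)
```

A refused telnet to 137 or 138 therefore says nothing about nmbd, while the refusal on 445 does show that nothing on this host accepts SMB directly over TCP.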


