[Samba] Firewall piercing - The Specified network name is no longer available.

JLB jlb at twu.net
Wed Feb 9 15:20:09 GMT 2005


On Wed, 9 Feb 2005, Aaron J. Zirbes wrote:

> Date: Wed, 09 Feb 2005 09:16:46 -0600
> From: Aaron J. Zirbes <ajz at cccs.umn.edu>
> To: JLB <jlb at twu.net>
> Cc: samba at lists.samba.org
> Subject: Re: [Samba] Firewall piercing - The Specified network name is no
>     longer available.
>
> JLB wrote:
>  > I've already set up zero-install Web-based telnet, zero-install Web-based
>  > MP3 players... I even concocted a zero-install CygWin workalike and
>  > keep it on my keychain USB drive... now I need a zero-install way to
>  > access my files via Windows machines. And that means SMB. NOT OpenVPN,
>  > OpenSSH, OpenVMS or any other "Open".
>
>
> WinSCP is a MUCH better way to go for this type of thing.  ...And it can
> be zero-install.
>
> FYI, this will need to connect to an SSH server,

...I know what WinSCP is, and I certainly know how it works ;)

> and if you're running
> OpenBSD... (one of the Opens... hehe) it will probably be via
> OpenSSH... (another "Open")
>
> b.t.w., I'm also curious why you threw that "OpenVMS" in there with
> OpenSSH and OpenVPN? OpenVMS is an operating system typically run on
> Digital hardware.

Just because it began with "Open" and ended in a three-letter acronym. Had
I been able to think of another, fourth such word, I would have tossed it
in as well ;)

>
> P.S.  If you don't want any "Open" software, may I ask why you are
> running OpenBSD?

It was merely a play on words.
I happen to LIKE the "Open" software.
However, typical Windows-running people (who get skittish enough when you
simply open a command prompt window, thinking you're "hacking") make my
job more difficult by creating a situation in which things go much more
smoothly when I don't have to install ANYTHING, much less some open-source
software that'll creep them out.

(N.b. in some situations, installing open-source/free software on Windows
boxes run by F/OSS-phobic Windows types makes a lot more sense than NOT
doing so... e.g. I am about to half-heartedly start a project for people
to install FireFox on Windows users' computers, sometimes without their
knowledge, but that's due to the impact of spambot-infested Windows boxes
on the Internet at large, and the global impact of productivity lost to
the slowdowns caused by spyware)

>
>
> --
> Aaron Zirbes
> Systems Administrator
> Environmental Health Sciences
> University of Minnesota
>
>
> JLB wrote:
> > On Wed, 9 Feb 2005, Paul Gienger wrote:
> >
> >
> >>Date: Wed, 09 Feb 2005 08:54:57 -0600
> >>From: Paul Gienger <pgienger at ae-solutions.com>
> >>To: JLB <jlb at twu.net>
> >>Cc: samba at lists.samba.org
> >>Subject: Re: [Samba] Firewall piercing - The Specified network name is no
> >>    longer available.
> >>
> >>
> >>
> >>>I'm trying to set up one of my Unix machines at home so I can access my
> >>>stuff there via SMB from the Internet at large (read: from Windows-using
> >>>clients).
> >>>
> >>>
> >>
> >>Are you saying that you're trying to allow access from 'random internet
> >>user'(which is probably you) directly to your samba machine?   You will
> >>have problems with this if it is what you're doing.
> >>
> >>1. because you may have a default filter on your firewalls that block it
> >>from traversing, although I think most sane manufacturers took this rule
> >>off now
> >
> >
> > I already poked and prodded at all such filters. They seem off now.
> >
> >
> >>2. because your ISP probably blocks/filters those ports.
> >
> >
> > They don't.
> >
> >
> >>3. because it's a Bad Thing (TM)(R)(C)
> >
> >
> > The chance of any random joker stumbling upon a dynamically allocated IP
> > and h4x0ring into a password-protected share on a SPARC64 machine running
> > OpenBSD with a recent version of Samba is ....
> >
> > ....slim.
> >
> >
> >>Spend a little time and set up a vpn endpoint on your box and just
> >>forward the necessary ports over, I think OpenVPN is 5000.  You'll be
> >>much happier, sane, and protected as such.
> >
> >
> > And I will make use of this on client machines with strict "Thou Shalt Not
> > Install any Unauthorized Software" policies... how?
> >
> > I've already set up zero-install Web-based telnet, zero-install Web-based
> > MP3 players... I even concocted a zero-install CygWin workalike and
> > keep it on my keychain USB drive... now I need a zero-install way to
> > access my files via Windows machines. And that means SMB. NOT OpenVPN,
> > OpenSSH, OpenVMS or any other "Open".
> >
> >
> >>>I'm behind two NATting devices-- the lame-p Prestige DSL modem provided by
> >>>Sprint DSL (a.k.a. Earthlink?) and a more typical home DSL/cable gateway
> >>>device.
> >>>
> >>>I've poked holes in BOTH of these devices on ports 137, 138, 139 AND 445.
> >>>Only port 139 actually responds to TCP connections (well, only port 139
> >>>accepts a telnet, even from localhost).
> >>>
> >>>See:
> >>>
> >>>--------------------------------------------------------------------------
> >>>-bash-2.05b# telnet localhost 137
> >>>Trying ::1...
> >>>telnet: connect to address ::1: Connection refused
> >>>Trying 127.0.0.1...
> >>>telnet: connect to address 127.0.0.1: Connection refused
> >>>-bash-2.05b# telnet localhost 138
> >>>Trying ::1...
> >>>telnet: connect to address ::1: Connection refused
> >>>Trying 127.0.0.1...
> >>>telnet: connect to address 127.0.0.1: Connection refused
> >>>-bash-2.05b# telnet localhost 139
> >>>Trying ::1...
> >>>telnet: connect to address ::1: Connection refused
> >>>Trying 127.0.0.1...
> >>>Connected to localhost.
> >>>Escape character is '^]'.
> >>>^]
> >>>telnet> close
> >>>Connection closed.
> >>>-bash-2.05b# telnet localhost 445
> >>>Trying ::1...
> >>>telnet: connect to address ::1: Connection refused
> >>>Trying 127.0.0.1...
> >>>telnet: connect to address 127.0.0.1: Connection refused
> >>>--------------------------------------------------------------------------
> >>>
> >>>It should go without saying that this machine's Samba shares work
> >>>PERFECTLY WELL within the LAN. ;)
> >>>
> >>>Now, from the outside, I can telnet to port 139 on the machine just fine,
> >>>through both NAT devices. However, when I go Start, Run,
> >>>\\x.y.z.a\sharename (where "x.y.z.a" is the IP address-- not the FQDN-- of
> >>>the machine), Windows vomits up this unhelpful message:
> >>>
> >>>
> >>>--------------------------------------------------
> >>>\\x.y.z.a\sharename
> >>>The specified network name is no longer available.
> >>>--------------------------------------------------
> >>>
> >>>See:
> >>>
> >>>http://jlb.twu.net/tmp/unhelpful.png
> >>>
> >>>Any ideas? The client machine runs Windows 2000 Pro.
> >>>
> >>>--
> >>>J. L. Blank, Systems Administrator, twu.net
> >>>
> >>>
> >>
> >>--
> >>--
> >>Paul Gienger                    Office: 701-281-1884
> >>Applied Engineering Inc.
> >>Systems Architect               Fax:    701-281-1322
> >>URL: www.ae-solutions.com       mailto: pgienger at ae-solutions.com
> >>
> >>
> >>
> >
> >
> > --
> > J. L. Blank, Systems Administrator, twu.net
>
> --
> Aaron Zirbes
> Systems Administrator
> Environmental Health Sciences
> University of Minnesota
> ajz at umn.edu
> 612-625-3460
>

--
J. L. Blank, Systems Administrator, twu.net
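
An added example, not part of the original thread: the telnet transcript quoted above tests all four ports over TCP, but 137 (NetBIOS name service) and 138 (NetBIOS datagram service) are UDP services, so a refused TCP connect says nothing about them. The sketch below checks each port on a host you administer using the matching transport; the function names and the 127.0.0.1 default are assumptions of this example.

```python
import socket
import struct

# The four ports from the telnet transcript and the transport each one uses.
SMB_PORTS = {137: "udp", 138: "udp", 139: "tcp", 445: "tcp"}

def encode_netbios_name(name: bytes) -> bytes:
    """First-level NetBIOS encoding: pad to 16 bytes, one letter per nibble."""
    out = bytearray()
    for byte in name.ljust(16, b"\x00")[:16]:
        out += bytes([0x41 + (byte >> 4), 0x41 + (byte & 0x0F)])
    return bytes(out)

def build_node_status_query(txid: int = 0x1234) -> bytes:
    """NBSTAT query for the wildcard name '*', as a UDP/137 payload."""
    header = struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)   # one question
    qname = b"\x20" + encode_netbios_name(b"*") + b"\x00"
    return header + qname + struct.pack(">HH", 0x0021, 0x0001)  # NBSTAT, IN

def tcp_listening(host: str, port: int, timeout: float = 2.0) -> bool:
    """What the telnet test measures: does a TCP connect succeed?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def name_service_answers(host: str, port: int = 137, timeout: float = 2.0) -> bool:
    """Send the node status query over UDP and wait for a matching reply."""
    query = build_node_status_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (host, port))
            reply, _ = sock.recvfrom(2048)
        except OSError:
            return False
    return reply[:2] == query[:2]   # transaction id echoed back

def check_host(host: str = "127.0.0.1") -> dict:
    results = {138: None}  # 138 is datagram-only: no request/reply probe
    results[137] = name_service_answers(host)
    for port in (139, 445):
        results[port] = tcp_listening(host, port)
    return results

if __name__ == "__main__":
    for port, state in sorted(check_host().items()):
        print(f"{port}/{SMB_PORTS[port]}: {state}")
```

A result of False on 445 with True on 139 matches the transcript: the server there accepts SMB only over the NetBIOS session service.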

