[Samba] Firewall piercing - The Specified network name is no longer available.

Christoph Scheeder christoph.scheeder at scheeder.de
Thu Feb 10 15:41:35 GMT 2005


Hi,
I think you do not get the point:
This is not a single point of failure.
Getting your server sharing to the internet will give you nothing.

Why?

1st showstopper:
The admin of the pc you want to access your server from will have denied 
outgoing traffic for all smb-packets from the local LAN to the internet.
Because Windows machines tend to do heavy broadcasts to sync their browselists
over these ports.
This is unwanted traffic which must be paid for and which reduces available
bandwidth.
So the Admins block these ports to *save money*

2nd showstopper:
Even if your ISP does not, many, many ISPs silently drop all traffic on the 
smb-ports.
Why? Because there are too many home users not using firewalls, and therefore their
Windows machines broadcast to the internet to sync their browselists.
If ISPs would forward these packets (or answers to them) it would eat their
bandwidth and money for nothing.
That's the point why they drop these packets:   *MONEY*

3rd showstopper:
SMB is not designed for unreliable networks with many routers and their
latency involved.
SMB over internet simply will not work reliably.

Christoph

JLB wrote:
> Also, my arrogant attitude is largely due to the fact that nobody's
> reading my points.
> 
> I DO NOT want to install OpenVPN.
> I DO NOT want to run WinSCP.
> I DO NOT want to run an anonymous FTP server.
> 
> I want to go:
> 
> Start
> Run
> smb://IP_ADDRESS/sharename
> (username)
> (password)
> POOF.
> 
> That is what I want. Period. It's not unreasonable; this is Samba, not
> some Win95 box waiting to be h4x0red.
> 
> On Thu, 10 Feb 2005, Gordon Russell wrote:
> 
> 
>>Date: Thu, 10 Feb 2005 09:22:48 -0500
>>From: Gordon Russell <russell at co.clarke.va.us>
>>Cc: JLB <jlb at twu.net>, samba at lists.samba.org
>>Subject: Re: [Samba] Firewall piercing - The Specified network name is no
>>    longer available.
>>
>>Dude -- Your arrogant attitude towards getting help and resolving your
>>problem is not getting you anywhere -- it's obviously problematic to pump
>>SMB/CIFS into the internet the way you would like to.  Why don't you
>>look at a simpler solution like running an anonymous ftp server and then
>>your pathetic windoze users can just type:
>>
>>ftp://server/directory
>>
>>POOF
>>
>>
>>>Please read my points on this sort of "solution" in the past. The whole
>>>REASON I want to use Plain Vanilla SMB is so I can walk up to ANY Windoze
>>>machine on the entire flippin' Internet and go:
>>>
>>>Start
>>>Run
>>>\\IP_ADDRESS\sharename
>>>(username)
>>>(password)
>>>
>>>POOF.
>>
> 
> --
> J. L. Blank, Systems Administrator, twu.net


