LinuxQuestions.org
Old 04-01-2010, 10:46 AM   #1
mredward1974
LQ Newbie
 
Registered: Feb 2008
Location: Amsterdam
Distribution: OpenSuse 10.3
Posts: 16

Rep: Reputation: 0
[SOLVED] SMB(CIFS) Mount from pub to priv subnet?


Hi all,

[SOLVED] See solution at post #13.

I have a Linux server which sits on a public IP and is accessible from the www. I also have another linux device (NMT) which sits behind my NAT (wireless router).

SERVER(PUB)-->HUB-->MainRouter-->Internet
NMT(PRI)-->WirelessRouter--HUB-->MainRouter-->Internet

The SERVER(PUB) has a public IP (x.x.x.84), and is accessible from the www.
The NMT(PRI) has a private IP (192.168.n.n), and is not accessible from the www

The MainRouter hands out the public IP addresses (x.x.x.81-x.x.x.86) to the SERVER(PUB) (x.x.x.84) and the WirelessRouter (x.x.x.83) using DHCP (although in reality they are fixed with DHCP reservation)

The WirelessRouter hands out the private IP addresses (192.168.1.x) for all the other devices which connect, including the NMT, and it gets its external public IP from MainRouter (.83). The key device IPs are also 'fixed' using DHCP reservation in this subnet.

This is all fine, except I have a few scripts which run on the SERVER(PUB) which require the SMB share on the NMT to be mounted to a local directory. (e.g. SERVER/media/NMT/share/)

My initial attempts at mounting using the 192 address didn't work (unsurprisingly), but now I am a bit stuck. Should I use the wireless router's external address instead? How would it resolve the correct share? Do I need to do some port forwarding or something? Static route? I am grasping at buzzwords here...

I suppose my question is: Is it possible to mount a samba share from an internal IP (192.168.n.n) onto a server which is on a public 'net? If so, what are the steps? If not, great, I'll stop trying.

I hope that there is enough info here to get an answer, but please let me know what you need to know if not,

Thanks
Jim

Last edited by mredward1974; 04-03-2010 at 03:38 PM. Reason: SOLVED!
 
Old 04-01-2010, 06:53 PM   #2
mredward1974
LQ Newbie
 
Registered: Feb 2008
Location: Amsterdam
Distribution: OpenSuse 10.3
Posts: 16

Original Poster
Rep: Reputation: 0
I've done a bit more digging and found the 'route' command...maybe this should be in the network section?

I'm going to link to this post from there...I hope that doesn't count as double posting...

Cheers
Jim
 
Old 04-01-2010, 06:59 PM   #3
mredward1974
LQ Newbie
 
Registered: Feb 2008
Location: Amsterdam
Distribution: OpenSuse 10.3
Posts: 16

Original Poster
Rep: Reputation: 0
smb cifs mount on public from private subnet

Hi,

I posted this in the Server forum, but have since done some digging and found out about the route command and am reading up about that..

http://www.linuxquestions.org/questi...subnet-799381/

I hope this board is more appropriate...

My IPTable looks like this:
Code:
server:/home/user # route -n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
x.x.x.80        0.0.0.0         255.255.255.248 U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         x.x.x.81        0.0.0.0         UG    0      0        0 eth0
And my network is set up as described in the other post.

Can anybody help me with a bit of networking theory..?

Thanks in advance,

Jim

Last edited by mredward1974; 04-01-2010 at 07:29 PM.
 
Old 04-02-2010, 02:32 AM   #4
ddaemonunics
Member
 
Registered: May 2008
Location: Romania
Distribution: Debian
Posts: 242

Rep: Reputation: 41
First you must port forward from the wireless router to the NMT the required ports.
 
Old 04-02-2010, 03:13 AM   #5
wernl01
LQ Newbie
 
Registered: Mar 2006
Location: Minnesota
Distribution: Debian
Posts: 1

Rep: Reputation: 0
SMB(CIFS) Mount from pub to priv subnet?

Hi Jim,
I'll see if I can answer this for you. If I understand correctly your network looks something like this.

(ignore the leading '_'s I had to use those to maintain the diagrams, otherwise the leading spaces were removed and it didn't make much sense at that point)


SERVER(PUB)================v
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _HUB ===> MainRouter ===> Internet
NMT(PRI)===> WirelessRouter====^


To have SERVER mount a share on NMT you will need to add a route on SERVER that points back to the outside interface of WirelessRouter. In WirelessRouter you need to port forward traffic coming from SERVER to the SMB/CIFS ports on NMT.

The route should look something like this:
Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.xx    x.x.x.83        255.255.255.x   U     0      0        0 ethx


You'll want to verify the ports you need to 'port forward', but I believe they are tcp/138, tcp/139, and tcp/445. I'm pulling those off the top of my head, so I may be off. You'll also only want to accept traffic from SERVER on those ports unless you want to share them with the internet at large. I would place a rule on my MainRouter to deny that traffic passing through the router (I'm taking for granted that MainRouter has a firewall or similar capabilities built in).

=======================================

Alternatively, you could add a NIC to SERVER (unless you have an unused NIC port already) and give it an internal IP and connect it to the inside of WirelessRouter. You would need to make sure you just use that for your SMB/CIFS traffic with a static route on SERVER.

SERVER(PUB) =============|
_ _ _ _ _ _ | _ _ _ _ _ _ _ _ _ _ _ v
_ _ _ _ _ _ |_ _ _ _ _ _ _ _ _ _ _ HUB ===> MainRouter ===> Internet
_ _ _ _ _ _ |==|_ _ _ _ _ __ _ _ _^
_ _ _ _ _ _ _ _v _ _ _ _ __ _ _ _ |
NMT(PRI)-->WirelessRouter ===|

Last edited by wernl01; 04-02-2010 at 04:02 AM. Reason: Formatting on diagrams lost
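
How the routing table from post #3 treats a packet for the NMT, with and without a host route of the kind post #5 suggests, as an added example that is not part of the original posts. It assumes `203.0.113.` as a constructed stand-in for the redacted `x.x.x.` prefix; the function names are hypothetical.

```python
import ipaddress

PUB = "203.0.113."  # constructed stand-in for the redacted x.x.x. prefix (TEST-NET-3)
NMT = "192.168.1.102"  # NMT address from the port-forward settings in post #13

# (destination, genmask, gateway, iface) rows from the `route -n` output in post #3.
POST3_TABLE = [
    ("192.168.1.0", "255.255.255.255", "0.0.0.0", "eth0"),
    (PUB + "80", "255.255.255.248", "0.0.0.0", "eth0"),
    ("169.254.0.0", "255.255.0.0", "0.0.0.0", "eth0"),
    ("127.0.0.0", "255.0.0.0", "0.0.0.0", "lo"),
    ("0.0.0.0", "0.0.0.0", PUB + "81", "eth0"),
]
# Host route of the kind post #5 suggests: NMT via the WirelessRouter's outside address.
POST5_ROUTE = (NMT, "255.255.255.255", PUB + "83", "eth0")


def prefix_len(genmask):
    """Count the set bits of a dotted-quad netmask."""
    return bin(int(ipaddress.IPv4Address(genmask))).count("1")


def lookup(table, dst):
    """Longest-prefix match: return (network, gateway, iface) or None."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for dest, genmask, gateway, iface in table:
        net = ipaddress.IPv4Network(f"{dest}/{prefix_len(genmask)}")
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return best


def next_hop(table, dst):
    """Address the packet is handed to; gateway 0.0.0.0 means on-link delivery."""
    match = lookup(table, dst)
    if match is None:
        return None
    return dst if match[1] == "0.0.0.0" else match[1]


if __name__ == "__main__":
    print("post #3 table      ->", next_hop(POST3_TABLE, NMT))
    print("with post #5 route ->", next_hop(POST3_TABLE + [POST5_ROUTE], NMT))
```

The `192.168.1.0` entry carries a `255.255.255.255` mask, so it matches only that single address and traffic for the NMT falls through to the default gateway until a more specific route exists.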
 
Old 04-02-2010, 03:25 AM   #6
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 655
For smb it would be better to create a VPN tunnel. SMB isn't secure for use on the internet and most ISPs block the ports that Windows networking uses.
 
Old 04-02-2010, 03:48 AM   #7
NeilR
LQ Newbie
 
Registered: Aug 2007
Location: Devon, UK
Distribution: Xubuntu, Crux
Posts: 18

Rep: Reputation: 1
I am assuming here that SERVER and NMT are on different subnets. SAMBA can do "cross-subnet" browsing using a WINS server setup (see SAMBA docs on Network Browsing), but if both devices are running Linux then why use SAMBA - you could use FUSE/sshfs to mount the NMT share and forget SAMBA for this task!
 
Old 04-02-2010, 05:33 AM   #8
NeilR
LQ Newbie
 
Registered: Aug 2007
Location: Devon, UK
Distribution: Xubuntu, Crux
Posts: 18

Rep: Reputation: 1
Don't get tangled up in IP configuration unnecessarily - use FUSE/sshfs (it is easy to set up!). You should have sshd running on NMT, and sshfs installed on SERVER. Set up port-forwarding for whatever port number you decide to use (say 7213) in your wireless router to direct traffic to NMT (192.168.1.x). From your server you can use basic command line "sshfs -p7213 username@x.x.x.83:/NMT_path_to_share /SERVER/media/NMT/share". You should consider setting up a trust between machines using ssh-keygen as described in SSHFS AUTOmount .
 
Old 04-02-2010, 05:44 AM   #9
mredward1974
LQ Newbie
 
Registered: Feb 2008
Location: Amsterdam
Distribution: OpenSuse 10.3
Posts: 16

Original Poster
Rep: Reputation: 0
Hi all,

Many thanks for your replies.

Quote:
but if both devices are running Linux then why use SAMBA
Because Windows machines behind the NAT also need access to the shares. Have I understood Samba correctly?

Quote:
For smb it would be better to create a VPN tunnel.
I don't need SAMBA access over the internet, just a connection between a public IP range and a subnet on an internal IP range, all behind my firewall and on my own 'internal network'. There are a few services on the NMT which I can port forward when I get this working.

@wernl, thanks a lot for your detailed reply, I think you have grasped the problem correctly, so I will read through it carefully and have a go. I'll report back when I get stuck! I'm sure I have a spare NIC somewhere so maybe that's an option if I'm struggling.

Thanks again
Jim
 
Old 04-02-2010, 05:44 AM   #10
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 655
Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place.

I've reported this post suggesting the ones from the thread in Linux-Server be merged here, rather than simply closing this duplicate thread.

In the future, if you found that you posted in the wrong forum, you can report your own thread and request it be moved.
 
Old 04-02-2010, 07:49 AM   #11
michaelk
Moderator
 
Registered: Aug 2002
Posts: 12,169

Rep: Reputation: 784
Duplicate thread. Continue here
http://www.linuxquestions.org/questi...subnet-799381/
 
Old 04-02-2010, 01:55 PM   #12
mredward1974
LQ Newbie
 
Registered: Feb 2008
Location: Amsterdam
Distribution: OpenSuse 10.3
Posts: 16

Original Poster
Rep: Reputation: 0
Understood and apologies again...as I worked through the issue I thought that the thread was better placed in the other board, but here is also fine by me.

There was a good reply in the other thread which I paste here in case it's of use to anyone else in the same situation..I'm going to try this next, as the IP routing thing didn't work for me (I am probably doing something silly) so if the following works I'll let you know.

Quote:
Don't get tangled up in IP configuration unnecessarily - use FUSE/sshfs (it is easy to set up!). You should have sshd running on NMT, and sshfs installed on SERVER. Set up port-forwarding for whatever port number you decide to use (say 7213) in your wireless router to direct traffic to NMT (192.168.1.x). From your server you can use basic command line "sshfs -p7213 username@x.x.x.83:/NMT_path_to_share /SERVER/media/NMT/share". You should consider setting up a trust between machines using ssh-keygen as described in SSHFS AUTOmount .
Cheers
Jim
 
Old 04-03-2010, 11:35 AM   #13
mredward1974
LQ Newbie
 
Registered: Feb 2008
Location: Amsterdam
Distribution: OpenSuse 10.3
Posts: 16

Original Poster
Rep: Reputation: 0
Ok, I have tried the following:

Quote:
You should have sshd running on NMT, and sshfs installed on SERVER.
I think so; just to check, I can ssh into the NMT from my laptop on the same net (192.186.1) which means sshd is running, right?

Quote:
Set up port-forwarding for whatever port number you decide to use (say 7213) in your wireless router to direct traffic to NMT (192.168.1.x).
I did this in the Forwarding -> Virtual Servers section on the wirelessRouter's web admin pages:
Code:
Service Port:  	7213
IP Address: 	192.168.1.102
Protocol: 	ALL
Status: 	Enabled
Quote:
From your server you can use basic command line "sshfs -p7213 username@x.x.x.83:/NMT_path_to_share /SERVER/media/NMT/share".
I get:
Code:
user@server:~> sshfs -p7213 nmt@x.x.x.83:/share /media/pch/
read: Connection reset by peer
And I just tried it as root and same thing. (obviously I am replacing the x's with the proper IP!)

Quote:
You should consider setting up a trust between machines using ssh-keygen as described in SSHFS AUTOmount.
I created a key using ssh-keygen:
user@server:~>ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa.pub

And it does its thing, and says:
Code:
Generating public/private rsa key pair.
/home/user/.ssh/id_rsa.pub already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.pub.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.pub.
The key fingerprint is:
x:x:x:x:x:x:x:x:x:x:x:x:x:x:x:x user@server
The key's randomart image is:
blah
then I did:

Code:
cat ~/.ssh/id_rsa.pub
Which spat out a load of numbers and letters which I pasted into:
~/.ssh/authorized_keys

on the NMT (after the one which is already there for my laptop to enable me to ssh into the box from my laptop)

But still I get connection refused... :/

Any ideas?

Thanks a lot
Jim
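
In the ssh-keygen output above, the identification (private key) is reported as saved in `id_rsa.pub` and the public key in `id_rsa.pub.pub`, so `cat ~/.ssh/id_rsa.pub` prints the private half. The audit below flags `authorized_keys` lines that are private-key material or not well-formed public keys; it is an added example, not part of the original post, the sample file contents are constructed, and the function names are hypothetical.

```python
import base64
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}


def ssh_string(data):
    """Length-prefixed string as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data


def classify(line):
    """Return 'public', 'private', 'blank' or 'invalid' for one file line."""
    text = line.strip()
    if not text or text.startswith("#"):
        return "blank"
    if text.startswith("-----BEGIN") and "PRIVATE KEY" in text:
        return "private"
    fields = text.split()
    # An options field may precede the key type, so scan for the type token.
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                return "invalid"
            # A real public key blob begins with its own key type.
            ok = blob.startswith(ssh_string(field.encode()))
            return "public" if ok else "invalid"
    return "invalid"


def audit(text):
    """List (line_number, verdict) for every line that is not a usable public key."""
    verdicts = ((n, classify(l)) for n, l in enumerate(text.splitlines(), 1))
    return [(n, v) for n, v in verdicts if v in ("private", "invalid")]


def sample_pubkey(comment):
    """Constructed ssh-rsa line with dummy numbers; not a usable key."""
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(bytes(range(1, 65)))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


# Constructed file: the laptop's key, then a pasted private key file (body elided).
SAMPLE = "\n".join([
    sample_pubkey("user@laptop"),
    "-----BEGIN RSA PRIVATE KEY-----",
    "(constructed placeholder, no key material)",
    "-----END RSA PRIVATE KEY-----",
])

if __name__ == "__main__":
    for lineno, verdict in audit(SAMPLE):
        print(f"authorized_keys line {lineno}: {verdict}")
```

A `private` finding means the key pair should be treated as exposed on that host and regenerated, with only the `.pub` file's single line copied across.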
 
Old 04-03-2010, 01:38 PM   #14
mredward1974
LQ Newbie
 
Registered: Feb 2008
Location: Amsterdam
Distribution: OpenSuse 10.3
Posts: 16

Original Poster
Rep: Reputation: 0
I think I am making progress..

First I forwarded the port that Dropbear (sshd) is listening on instead of the random one (I'll change that to a random one once I figure out how, and get this working), and I was able to connect, but was refused as the key was wrong.

I managed to ssh into the NMT from the SERVER with an rsa key generated (I think I have my head around how that works now!). At first I had a passphrase, and that asked for the passphrase when I tried to log in and it worked. Then after not succeeding the mount part, I recreated a new rsa key without a passphrase, and the result was the same:

Code:
user@SERVER:~> ssh -v nmt@x.x.x.83
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to x.x.x.83 [x.x.x.83] port nn.
debug1: Connection established.
debug1: identity file /home/ninan/.ssh/id_rsa type 1
debug1: identity file /home/ninan/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version dropbear_0.52
debug1: no match: dropbear_0.52
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'x.x.x.83' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/ninan/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_GB.UTF-8
nmt@PCH-A110 nmt$
Boomshanka.

Then I tried to sshfs the mount with:

Code:
user@SERVER:~> sshfs nmt@x.x.x.83:/share /media/pch/
And I get: remote host has disconnected

(with or without a passphrase rsa key)

Any guidance appreciated,

Cheers
Jim

Last edited by mredward1974; 04-03-2010 at 01:40 PM. Reason: missed some detail
 
Old 04-03-2010, 02:38 PM   #15
mredward1974
LQ Newbie
 
Registered: Feb 2008
Location: Amsterdam
Distribution: OpenSuse 10.3
Posts: 16

Original Poster
Rep: Reputation: 0
I googled and found this:

Quote:
Requirements

Since Dropbear (the default ssh server) apparently does not support sshfs, you will need to install and run Openssh instead. This in turn requires Optware. Obviously you should have a drive attached to your router to have something to share, so a router with a usb port is necessary.

Note from Manuel: I managed to use sshfs with the default ssh by installing the "openssh-sftp-server" package and passing the path to the sftp-server as command-line option "-o sftp_server=/opt/libexec/sftp-server" to sshfs.
I can't find an "openssh-sftp-server" package for OpenSuse11.2, but there was a 'vsftpd' which I installed, and also a 'libcsync-plugin-sftp', so I installed those too, but still no joy.

Thanks in advance for any tips,

Jim
 
  

