LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   How do I browse files on a VPN connection? (http://www.linuxquestions.org/questions/linux-networking-3/how-do-i-browse-files-on-a-vpn-connection-387235/)

joekm 11-28-2005 08:36 AM

How do I browse files on a VPN connection?
 
Okay, I'm running Ubuntu 5.10 with the Firestarter firewall and pptpconfig

After making an adjustment to the firewall, I was able to get a successful VPN connection to my work Windows network using pptpconfig.

I would like to be able to look at files on my work network but I have no idea how. You would think that this would be pretty straight-forward but I can find no documentation on the subject.

I would also think that I there should be someway I could mount the network location and browse it using Nautilus, but I have no idea how and I can't any instructions. If nothing else, I should be able to connect via Firefox, but nothing I've tried works.

Right now, all I have is an active connection I can traceroute and ping to, but nothing else.


Can somebody tell me what I'm supposed to do from here?


Thanks,

Joe

fr_laz 11-28-2005 03:38 PM

Hi,

before going using high level tools, I think you should give a try to low level ones to check that everythin works fine.
As you're able to ping and traceroute, connectivity seems to be OK.
If you know the names (NETBIOS names) or IP addresses of fileservers (or of your workstation if you have shares on it), you should be able to use smbclient to check the available shares:
Code:

smblient -L machine.domain.com
You should have a listing of the shared directories on the host machine.domain.com (you can also use IP addresses).
If the above didn't work, then I think you could try a small nmap on the same machine... you should see the open ports on it. If you don't see port 137, 139 (and most likely 138 and 145), then either your firewall is blocking you, or you don't have a full VPN access (but since you connect through pptp, I believe the first guess would be the one). What I mean by this is that it's not because you opened a VPN connection that your firewall allows you do whatever you want on it... the more simple way to quickly check this is to force your firewall into allowing anything from your local LAN to the remote one:
Code:

iptables -I FORWARD -s 192.168.0.0/24 -d 10.1.1.0/24 -j ACCEPT
iptables -I FORWARD -s 10.1.1.0/24 -d 192.168.0.0/24 -j ACCEPT

Assuming that 192.168.0.0 255.255.255.0 is the LAN behind your home router and 10.1.1.0 255.255.255.0 is your work LAN.
Note that I used -I FORWARD instead of -A, so that these rules are inserted before your Firestarter ones.

If you connect a single host to your work LAN, then replace 192.168.0.0/24 by your own IP address... either the public or the private one depending on your VPN config.
The above iptables rules is not secure at all, the only interest is to get rid of firewalling in-between the VPN to make sure this isn't the reason why you're blocked.

If you've got a correct output from smbclient, you can actually mount the shares:
Code:

smbmount //machine.domain.com/share_folder /mnt/share1 -o username="my_work_username" password="my_work_password"
Where share_folder is, of course, one of the listed folder in smbclient.

Thus you should have access to the shared folders... the smbclient and smbmount are more or less the same thing as what Nautilus would for you, but the do-it-yourself way. Once mounted, I don't think you will have any trouble browsing the mounted share with Nautilus.

The above procedure should work allright, provided that you're really connected to your office's LAN. There are several VPN config: LAN to LAN (where 192.168.0.0/24 and 10.1.1.0/24 networks see each other over Internet), host to LAN (where one machine connects to a LAN through Internet... what I meant I told you to change 192.168.0.0/24 by your own IP address in the iptables rules), and host to host (usually a remote host to a mailserver as an exemple). The latest config won't allow you to access your office's network, only to the remote server you're connected to.
Unfortunatly, the type of VPN depends on what your IT admin (or most certainfully your big boss) thought the best to set up, so if you can only connect to a remote host, you will never be able (unless your admin is not conerned with security and you're up to hack your way into your office's network) to connect to the LAN.

Hope it will give you an idea of how to get it working...
If you need more help, you should at least told us how your VPN is set up (referring to the 3 types of VPN I was talking about) and some kind of IP addressing (give false IPs so as to avoid giving away you're real config, but stick to a false architecture that is close enough to reality so that we understand the issue).


All times are GMT -5. The time now is 07:39 PM.