Need help mapping a shared Linux drive with Samba server from home using an ssh tunnel. Reason: Want to use my laptop PC editor to edit python scripts remotely. Don't want to have to use SCP to constantly upload changes. I think I'm getting close, but the problem is that on my Windows PC at home, using CYGWIN, when I try to connect with net use, I get prompted for the password, but immediately get disconnected.
WAN-LAN Topology scenario:
---------------------------------
{pc@home---home-Router}--{internet}---{destFW---[dest_VM_Host_Server---[dest_VM_Guest]]}
home wan IP address: 73.23.x.x
destFW IP address: 216.75.x.x
dest_VM_Host_Server IP address: 192.168.1.g
dest_VM_Guest IP address: 192.168.3.x (Linux share is here)
END OF : WAN-LAN Topology scenario:
dest_VM_Guest(192.168.3.x):configs and troubleshooting info:
------------------------------------------------------------
smbpasswd -a <my_username> (same as my personal pc used at home)
/etc/smb.conf
-------------------------------------------
Code:
[<share_name>]
path = /home/<my_username>/python #(it is actually a symlink to where I want to go)
follow symlinks = yes
valid users = <my_username>
read only = no
-------------------------------------------
I tested this locally:
-------------------------------------
# smbclient //localhost/<share_name> -U <my_username>%<my_password>
IT WORKED
smb: \> quit # to get out
----------------------------------------
Note: I also added a local username on the linux vm, the same as the smb service user, and my pc at home, just in case
Proof that SSH Tunnel on home PC is allowing me to get through:
--------------------------------------------------------------------
root@dest_VM_Guest:~# netstat -an | grep 445
Code:
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp 0 0 192.168.3.x:445 73.23.x.x:61142 ESTABLISHED
tcp 0 0 192.168.3.x:445 73.23.x.x:56737 ESTABLISHED
tcp 0 0 192.168.3.x:56888 192.168.1.y:445 ESTABLISHED
tcp 0 0 192.168.3.x:56112 192.168.1.z:445 ESTABLISHED
tcp6 0 0 :::445 :::* LISTEN
unix 3 [ ] STREAM CONNECTED 445495
unix 3 [ ] STREAM CONNECTED 445497 /run/systemd/journal/stdout
--------------------------------------------------------------------
***SOMETHING HAPPENED IN AN ATTEMPT, BUT COULDN'T REPRODUCE THIS ERROR********
root@dest_VM_Guest:/var/log/samba# cat log.73.23.x.x
Code:
[2018/12/04 18:48:31.418992, 0] ../source3/smbd/process.c:340(read_packet_remainder)
read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
[2018/12/04 18:52:28.840675, 0] ../source3/smbd/process.c:340(read_packet_remainder)
read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
[2018/12/04 20:37:39.290723, 0] ../source3/smbd/process.c:340(read_packet_remainder)
read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
[2018/12/04 20:44:58.312948, 0] ../source3/smbd/process.c:340(read_packet_remainder)
read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
root@dest_VM_Guest:/var/log/samba# tail -f log.73.23.x.x
[2018/12/04 18:48:31.418992, 0] ../source3/smbd/process.c:340(read_packet_remainder)
read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
[2018/12/04 18:52:28.840675, 0] ../source3/smbd/process.c:340(read_packet_remainder)
read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
[2018/12/04 20:37:39.290723, 0] ../source3/smbd/process.c:340(read_packet_remainder)
read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
[2018/12/04 20:44:58.312948, 0] ../source3/smbd/process.c:340(read_packet_remainder)
read_fd_with_timeout failed for client 73.23.x.x read error = NT_STATUS_END_OF_FILE.
(note: I did a tail -f on /var/log/syslog, and /var/log/auth.log but not getting anything. The only log showing any type of map attempt was this one I just printed)
END OF: dest_VM_Guest(192.168.3.x):configs and troubleshooting info:
dest_VM_Host_Server (192.168.1.g): config
------------------------------------------
/etc/iptables/rules.v4
----------------------
Code:
*nat
:PREROUTING ACCEPT [2073:228232]
-A PREROUTING -i vmbr0 -p tcp --dport 2022 -j DNAT --to 192.168.3.x:22
-A PREROUTING -p tcp -i vmbr0 --dport 1445 -j DNAT --to-destination 192.168.3.x:445
:INPUT ACCEPT [1215:153837]
:OUTPUT ACCEPT [207:12481]
:POSTROUTING ACCEPT [207:12481]
-A POSTROUTING -s 192.168.3.0/24 -o vmbr0 -j MASQUERADE
COMMIT
# Completed on Mon Nov 19 14:43:46 2018
# Generated by iptables-save v1.6.0 on Mon Nov 19 14:43:46 2018
*filter
-A FORWARD -p tcp -d 192.168.3.x --dport 445 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
:INPUT ACCEPT [38326:11598248]
:FORWARD ACCEPT [107654:107563828]
:OUTPUT ACCEPT [32062:16571805]
COMMIT
# Completed on Mon Nov 19 14:43:46 2018
END OF: dest_VM_Host_Server (192.168.1.g): config
destFW(216.75.x.x) : config
----------------------------
Public Facing IP Address: 216.75.x.x
Public Protocol:TCP
Public Port:2445
LAN IP:192.168.1.g (dest_VM_Host_Server)
Local Port:1445
allowed remote IPs: any
END OF: destFW(216.75.x.x) : config
pc@home Windows 10 Pro(tried the following with FW ON & with FW OFF), IP CHICKEN GAVE ME: 73.23.x.x
------------------------------------------------------------------------------------------------------
<my_username> is the same smb username I set with smbpasswd -a on VM_Guest, with the same password.
----------------------------------------------------------------------------------------------------------
PUTTY (I'm impressed that this worked and went through all them hops from here to the final dest server)
-----
(to set up SSH TUNNEL)
HostName (or IP Address):216.75.x.x
Port: 2445
Left Pane:
> Connections > SSH > Tunnels
Source Port 444 (not sure how much this matters)
localhost:445
(THIS WORKS!, netstat on dest_VM_Guest, where linux share is shows that the connection on this port is established.)
----------------------------------------------------------------------------------------------------------
cygwin :
--------
net use '\\localhost\<share_name>' /USER:WORKGROUP\<my_username>
***IT BRIEFLY PROMPTS ME TO ENTER MY USERNAME, BUT THEN CUTS OFF
$ net use '\\localhost\Win-Ops-python' /USER:WORKGROUP\<my_username>
Enter the password for 'WORKGROUP<my_username>' to connect to 'localhost': System error 86 has occurred.
The specified network password is not correct.
---------------
Yes, I tried it with the password as follows:
net use '\\localhost\<share_name>' /USER:WORKGROUP\<my_username> <my_password>
..but it still doesn't work.
----------------------------------------------------------------------------------------------------------
Sec policy change, but it may not matter
-----------------------------------------
Local Policies > Security Options > Network security:LAN Manager authentication level > Set to "Send NTLMv2 response only. Refuse LM & NTLM"
END OF: pc@home Windows 10 Pro(tried the following with FW ON & with FW OFF), IP CHICKEN GAVE ME: 73.23.x.x
...any help is greatly appreciated!
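Added example, not part of the original post: a connection that an sshd running on the share host forwards to localhost:445 reaches smbd with a loopback peer address, while a connection that reaches port 445 through a port forward without source NAT keeps the client's own address. The script below classifies the peers of established inbound connections on port 445 from `netstat -an` text; the sample lines and addresses are constructed, and `classify_peer` and `classify_smb_peers` are hypothetical helper names.

```python
import ipaddress

# Constructed sample in the layout of the netstat output in the post; the
# masked addresses are replaced with documentation and private addresses.
SAMPLE = """\
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp 0 0 192.168.3.10:445 203.0.113.7:61142 ESTABLISHED
tcp 0 0 127.0.0.1:445 127.0.0.1:40112 ESTABLISHED
tcp 0 0 192.168.3.10:56888 192.168.1.20:445 ESTABLISHED
tcp6 0 0 :::445 :::* LISTEN
unix 3 [ ] STREAM CONNECTED 445495
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_peer(host):
    """Label a peer address as loopback, rfc1918 or external."""
    addr = ipaddress.ip_address(host)
    # netstat prints IPv4 clients of a dual-stack socket as ::ffff:a.b.c.d
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    if addr.is_loopback:
        return "loopback"   # local client, or an SSH forward ending on this host
    if any(addr in net for net in RFC1918):
        return "rfc1918"    # client on a private LAN
    return "external"       # anything else (simplification: all other IPv6 too)

def classify_smb_peers(netstat_text, port="445"):
    """Return (peer, category) for ESTABLISHED TCP connections to local port."""
    results = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue                    # unix sockets and header lines
        if fields[5] != "ESTABLISHED":
            continue                    # LISTEN and other states
        # Split on the last colon so IPv6 forms such as ::1:445 also work.
        if fields[3].rpartition(":")[2] != port:
            continue                    # outbound connection to another server
        peer_host = fields[4].rpartition(":")[0]
        results.append((peer_host, classify_peer(peer_host)))
    return results

if __name__ == "__main__":
    for peer, category in classify_smb_peers(SAMPLE):
        print(f"{peer:<16} {category}")
```

An "external" peer on port 445 means the SMB service itself is reachable from outside the LAN, independent of any SSH session.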