I have been trying to connect a Linux box to a remote Samba share, with no success. The Samba share is a NAS, mapped to be accessible from the Internet, and to be used as a secondary backup box.
The layout has been decided by my client.
The Samba share works (as I have managed to connect to it from my Windows 7 computer), but almost none of my Linux boxes can connect to it.
Tried to connect to the Samba share with 3 Centos boxes and did not work; works with Windows or and with a Ubuntu box. I have also temporarily shut down the firewall on the Centos boxes, but nothing changed.
This is the kind of output I get:
smbclient -U Administrator \\xxx.xxx.xxx.xxx\hd_bkp
timeout connecting to xxx.xxx.xxx.xxx:445
timeout connecting to xxx.xxx.xxx.xxx:139
Error connecting to xxx.xxx.xxx.xxx (Operation already in progress)
Connection to xxx.xxx.xxx.xxx failed (Error NT_STATUS_ACCESS_DENIED
Troubleshooting:
-
I've already tried nmap -P0 against the IP. It does NOT show the ports 139 and 445 as open. The ports show as open when running nmap from the Ubuntu box.
-
The Centos boxes can connect to Samba shares – but they cannot connect to Samba shares in the Internet.
-
None of the Centos boxes seems to be able to mount samba shares via the Internet, but they can mount samba shares from computers in the same network (this might be the critical point?)
-
I've also tried tcpdump, but not sure if the results are meaningful. 192.168.1.150 is the ip of the machine trying to connect to the Samba share, shared at ip xxx.xxx.xxx.xxx
tcpdump -ln -vv host xxx.xxx.xxx.xxx | tee tcpdump.txt
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:12:49.777047 IP (tos 0x0, ttl 64, id 42420, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.1.150.60798 > xxx.xxx.xxx.xxx.microsoft-ds: S, cksum 0x1b2e (correct), 2698738746:2698738746(0) win 5840 <mss 1460,sackOK,timestamp 5036430 0,nop,wscale 7>
16:12:52.777591 IP (tos 0x0, ttl 64, id 42421, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.1.150.60798 > xxx.xxx.xxx.xxx.microsoft-ds: S, cksum 0x0f76 (correct), 2698738746:2698738746(0) win 5840 <mss 1460,sackOK,timestamp 5039430 0,nop,wscale 7>
16:12:58.776620 IP (tos 0x0, ttl 64, id 42422, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.1.150.60798 > xxx.xxx.xxx.xxx.microsoft-ds: S, cksum 0xf805 (correct), 2698738746:2698738746(0) win 5840 <mss 1460,sackOK,timestamp 5045430 0,nop,wscale 7>
16:13:07.246806 IP (tos 0x0, ttl 64, id 31289, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.1.150.56120 > xxx.xxx.xxx.xxx.netbios-ssn: S, cksum 0xfd21 (correct), 2724620277:2724620277(0) win 5840 <mss 1460,sackOK,timestamp 5053900 0,nop,wscale 7>
16:13:10.246675 IP (tos 0x0, ttl 64, id 31290, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.1.150.56120 > xxx.xxx.xxx.xxx.netbios-ssn: S, cksum 0xf169 (correct), 2724620277:2724620277(0) win 5840 <mss 1460,sackOK,timestamp 5056900 0,nop,wscale 7>
16:13:16.246704 IP (tos 0x0, ttl 64, id 31291, offset 0, flags [DF], proto: TCP (6), length: 60) 192.168.1.150.56120 > xxx.xxx.xxx.xxx.netbios-ssn: S, cksum 0xd9f9 (correct), 2724620277:2724620277(0) win 5840 <mss 1460,sackOK,timestamp 5062900 0,nop,wscale 7>
Any suggestions?
Thanks in advance,
Andres
Best Answer
Some hosting companies block SMB ports inbound onto their networks (as Windows-based SMB is notoriously insecure). Does your host allow this (or is it your network?)