Ssh – SMB proxy: Connect to SMB server through SSH tunnel between two other hosts

PROXYsambaserver-message-blocksshssh-tunnel

I want localhost to access my company's SMB shares. These are located on a Win7 peer. This peer is running a virtual machine with Debian which itself is running an ssh daemon.

I can easily create an ssh tunnel from localhost to the VM but couldn't get SMB forwarding/proxying to work. I read too much on this ending up totally confused on which port on which interface and host to forward to and the like…

If I'm right I have to forward localhost's port 139 to a port on my proxy and on the proxy itself forward port 139 to the port of the ssh tunnel on the same host? Is this supposed to work at all? How should I set up each host to accomplish that?

The network roughly looks like this:

localhost ===(ssh)=== |router| ===(ssh)=== debian vm ===(smb)=== win7

The router just forwards the SSH connection to the VM.

Best Answer

The answer that @Zoredache gives to this question is a good one for what you're looking to do, though I'm going to elaborate on it for your situation.

It's not clear to the if the router is running an SSH server from your diagram or if you're just saying that you're going to be moving SSH traffic through it. I'm going to assume you're just moving SSH traffic through it via a port-forward, in which case I'd:

Start an SSH session from your PC to the public IP address of the router which, presumably, has a port forwarded to the Debian VM's SSH server port
Forward port 139 on your PC, specified as 127.0.0.2:139, to the LAN IP address of the Windows 7 PC, port 139 (this assumes the Debian VM can access the Windows 7 PC). If you're using OpenSSH the syntax would be ssh router-ip -L 127.0.0.2:139:win-7-pc-ip:139
Create a /etc/hosts (or whatever analog to that exists on your OS) to resolve the name of the Windows 7 PC to 127.0.0.2

This will allow you to access the Windows 7 PC, by name, via a local loopback address that forwards to the SMB port on the Windows 7 PC.

Related Solutions

Ssh – How to set proxy for subversion with ssh tunnel

You are using SSH to set up a local SOCKS server that tunnels to your SSH server. You mention that your reason for doing that is that "local connection is slow" but I fail to see how tunneling to a SSH server will make it faster.

Anyway, your problem is that Subversion can connect through a HTTP proxy or an SSH tunnel, but it has no idea about SOCKS. So you need to SOCKSify Subversion by capturing all its TCP connects and redirecting them to the SOCKS proxy.

Instead of paraphrasing those who have done it before, I'll point you to their detailed explanations :

Or in a nutshell mostly cut'n'pasted from Oliver's page :

Debian contains two socksifiers that are also available on sourceforge. The most recently updated one is ProxyChains, and it's quite straightforward to configure. Most socksifiers work in a similar fashion so these instructions should be a reasonable general case. To configure ProxyChains you just need to edit $(HOME)/.proxychains/proxychains.conf to have only the following lines:

DynamicChain
tcp_read_time_out 15000
tcp_connect_time_out 10000
[ProxyList]
socks5 127.0.0.1 8090
# NB: for some reason 'localhost' doesn't work in the above line

All you then need to do is 'wrap' svn in ProxyChains.

proxychains svn commit

In the above example, the svn application was none the wiser that its TCP connects to the Subversion server were redirected down your SOCKS proxy."

Sql-server – Why can’t I connect to remote Microsoft SQL Server through SSH tunnel

When upgrading to a newer Dlink Router, I had the problem of no longer being able to connect to SQL SVR between computers on my network (plugged into the Dlink Router).

I found the solution on this forum.

Disabling "Advanced DNS Service". Enabled is the default.

(Setup > Internet > Manual Internet Connection Setup > Advanced DNS Service)

According to the post that I found, it also resolves difficulties connecting RDP. The was some speculation that the SQL SVR connection requests were being sent out to OpenDNS thus preventing the desired connection.

For SQL SVR 2008, there is some additional Surface area configuration needed to allow connections including connections to named instances.

Note that with Open DNS turned on, you can enable local SQL SVR connections using the port forwarding settings of the Dlink Router. If you turn off Open DNS, the port forwarding settings are not required for connections between computers on your network. If you want to allow SQL SVR connections from the Internet to computers on your DLink Network, you need to configure this in Virtual Server settings (not Port Forwarding). Both Port forwarding and Virtual Server are found on the advanced tab.

My Router is less than a year old (DIR 655)

Best Answer

Related Solutions

Ssh – How to set proxy for subversion with ssh tunnel

Sql-server – Why can’t I connect to remote Microsoft SQL Server through SSH tunnel

Related Topic