On Wed, 9 Feb 2005, Aaron J. Zirbes wrote: > Date: Wed, 09 Feb 2005 09:16:46 -0600 > From: Aaron J. Zirbes <[EMAIL PROTECTED]> > To: JLB <[EMAIL PROTECTED]> > Cc: [email protected] > Subject: Re: [Samba] Firewall piercing - The Specified network name is no > longer available. > > JLB wrote: > > I've already set up zero-install Web-based telnet, zero-install Web-based > > MP3 players... I even concocted a zero-install CygWin workalike and > > keep it on my keychain USB drive... now I need a zero-install way to > > access my files via Windows machines. And that means SMB. NOT OpenVPN, > > OpenSSH, OpenVMS or any other "Open". > > > WinSCP is a MUCH better way to go for this type of thing. ...And it can > be zero-install. > > FYI, this will need to connect to an SSH server,
...I know what WinSCP is, and I certainly know how it works ;) > and if you're running > OpenBSD... (one of the Opens... hehe) it will be probably be via > OpenSSH... (another "Open") > > b.t.w., I'm also curious why you threw that "OpenVMS" in there with > OpenSSH and OpenVPN? OpenVMS is an operating system typically run on > Digital hardware. Just because it began with "Open" and ended in a three-letter acronym. Had I been able to think of another, fourth such word, I would have tossed it in as well ;) > > P.S. If you don't want any "Open" software, may I ask why you are > running OpenBSD? It was merely a play on words. I happen to LIKE the "Open" software. However, typical Windows-running people (who get skittish enough when you simply open a command prompt window, thinking you're "hacking") make my job more difficult by creating a situation in which things go much more smoothly when I don't have to install ANYTHING, much less some open-source software that'll creep them out. (N.b. in some situations, installing open-source/free software on Windows boxes run by F/OSS-phobic Windows types makes a lot more sense than NOT doing so... e.g. I am about to half-heartedly start a project for people to install FireFox on Windows users' computers, sometimes without their knowledge, but that's due to the impact of spambot-infested Windows boxes on the Internet at large, and the global impact of productivity lost to the slowdowns caused by spyware) > > > -- > Aaron Zirbes > Systems Administrator > Environmental Health Sciences > University of Minnesota > > > JLB wrote: > > On Wed, 9 Feb 2005, Paul Gienger wrote: > > > > > >>Date: Wed, 09 Feb 2005 08:54:57 -0600 > >>From: Paul Gienger <[EMAIL PROTECTED]> > >>To: JLB <[EMAIL PROTECTED]> > >>Cc: [email protected] > >>Subject: Re: [Samba] Firewall piercing - The Specified network name is no > >> longer available. > >> > >> > >> > >>>I'm trying to set up one of my Unix machines at home so I can access my > >>>stuff there via SMB from the Internet at large (read: from Windows-using > >>>clients'). > >>> > >>> > >> > >>Are you saying that you're trying to allow access from 'random internet > >>user'(which is probably you) directly to your samba machine? You will > >>have problems with this if it is what you're doing. > >> > >>1. because you may have a default filter on your firewalls that block it > >>from traversing, although I think most sane manufacturers took this rule > >>off now > > > > > > I already poked and prodded at all such filters. They seem off now. > > > > > >>2. because your ISP probably blocks/filters those ports. > > > > > > They don't. > > > > > >>3. because it's a Bad Thing (TM)(R)(C) > > > > > > The chance of any random joker stumbling upon a dynamically allocated IP > > and h4x0ring into a password-protected share on a SPARC64 machine running > > OpenBSD with a recent version of Samba is .... > > > > ....slim. > > > > > >>Spend a little time and set up a vpn endpoint on your box and just > >>forward the necessary ports over, i think openvpn is 5000. You'll be > >>much happier, sane, and protected as such. > > > > > > And I will make use of this on client machines with strict "Thou Shalt Not > > Install any Unauthorized Software" policies... how? > > > > I've already set up zero-install Web-based telnet, zero-install Web-based > > MP3 players... I even concocted a zero-install CygWin workalike and > > keep it on my keychain USB drive... now I need a zero-install way to > > access my files via Windows machines. And that means SMB. NOT OpenVPN, > > OpenSSH, OpenVMS or any other "Open". > > > > > >>>I'm behind two NATting devices-- the lame-p Prestige DSL modem provided by > >>>Sprint DSL (a.k.a. Earthlink?) and a more typical home DSL/cable gateway > >>>device. > >>> > >>>I've poked holes in BOTH of these devices on ports 137, 138, 139 AND 445. > >>>Only port 139 actually responds to TCP connections (well, only port 139 > >>>accepts a telnet, even from localhost. > >>> > >>>See: > >>> > >>>-------------------------------------------------------------------------- > >>>-bash-2.05b# telnet localhost 137 > >>>Trying ::1... > >>>telnet: connect to address ::1: Connection refused > >>>Trying 127.0.0.1... > >>>telnet: connect to address 127.0.0.1: Connection refused > >>>-bash-2.05b# telnet localhost 138 > >>>Trying ::1... > >>>telnet: connect to address ::1: Connection refused > >>>Trying 127.0.0.1... > >>>telnet: connect to address 127.0.0.1: Connection refused > >>>-bash-2.05b# telnet localhost 139 > >>>Trying ::1... > >>>telnet: connect to address ::1: Connection refused > >>>Trying 127.0.0.1... > >>>Connected to localhost. > >>>Escape character is '^]'. > >>>^] > >>>telnet> close > >>>Connection closed. > >>>-bash-2.05b# telnet localhost 445 > >>>Trying ::1... > >>>telnet: connect to address ::1: Connection refused > >>>Trying 127.0.0.1... > >>>telnet: connect to address 127.0.0.1: Connection refused > >>>-------------------------------------------------------------------------- > >>> > >>>It should go without saying that this machine's Samba shares work > >>>PERFECTLY WELL within the LAN. ;) > >>> > >>>Now, from the outside, I can telnet to port 139 on the machine just fine, > >>>through both NAT devices. However, when I go Start, Run, > >>>\\x.y.z.a\sharename (where "x.y.z.a" is the IP address-- not the FQDN-- of > >>>the machine), Windows vomits up this unhelpful message: > >>> > >>> > >>>-------------------------------------------------- > >>>\\x.y.z.a\sharename > >>>The specified network name is no longer available. > >>>-------------------------------------------------- > >>> > >>>See: > >>> > >>>http://jlb.twu.net/tmp/unhelpful.png > >>> > >>>Any ideas? The client machine runs Windows 2000 Pro. > >>> > >>>-- > >>>J. L. Blank, Systems Administrator, twu.net > >>> > >>> > >> > >>-- > >>-- > >>Paul Gienger Office: 701-281-1884 > >>Applied Engineering Inc. > >>Systems Architect Fax: 701-281-1322 > >>URL: www.ae-solutions.com mailto: [EMAIL PROTECTED] > >> > >> > >> > > > > > > -- > > J. L. Blank, Systems Administrator, twu.net > > -- > Aaron Zirbes > Systems Administrator > Environmental Health Sciences > University of Minnesota > [EMAIL PROTECTED] > 612-625-3460 > -- J. L. Blank, Systems Administrator, twu.net -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
