I have a Linux server which sits on a public IP and is accessible from the www. I also have another linux device (NMT) which sits behind my NAT (wireless router).
The SERVER(PUB) has a public IP (x.x.x.84), and is accessible from the www.
The NMT(PRI) has a private IP (192.168.n.n), and is not accessible from the www
The MainRouter hands out the public IP addresses (x.x.x.81-x.x.x.86) to the SERVER(PUB) (x.x.x.84) and the WirelessRouter (x.x.x.83) using DHCP (although in reality they are fixed with DHCP reservation)
The WirelessRouter hands out the private IP addresses (192.168.1.x) for all the other devices which connect, including the NMT, and it gets its external public IP from MainRouter (.83). The key device IPs are also 'fixed' using DHCP reservation in this subnet.
This is all fine, except I have a few scripts which run on the SERVER(PUB) which require the SMB share on the NMT to be mounted to a local directory. (e.g. SERVER/media/NMT/share/)
My initial attempts at mounting using the 192 address didn't work (unsurprisingly), but now I am a bit stuck. Should I use the wireless router's external address instead? How would it resolve the correct share? Do I need to do some port forwarding or something? Static route? I am grasping at buzzwords here...
I suppose my question is: Is it possible to mount a samba share from an internal IP (192.168.n.n) onto a server which is on a public 'net? If so, what are the steps? If not, great, I'll stop trying.
I hope that there is enough info here to get an answer, but please let me know what you need to know if not.
Thanks
Jim
Last edited by mredward1974; 04-03-2010 at 02:38 PM.
Reason: SOLVED!
Hi Jim,
I'll see if I can answer this for you. If I understand correctly your network looks something like this.
(ignore the leading '_'s I had to use those to maintain the diagrams, otherwise the leading spaces were removed and it didn't make much sense at that point)
To have SERVER mount a share on NMT you will need to add a route on SERVER that points back to the outside interface of WirelessRouter. In WirelessRouter you need to port forward traffic coming from SERVER to the SMB/CIFS ports on NMT.
The route should look something like this;
Destination     Gateway     Genmask          Flags  Metric  Ref  Use  Iface
192.168.1.xx    x.x.x.83    255.255.255.x    U      0       0    0    ethx
You'll want to verify the ports you need to 'port forward', but I believe they are tcp/138, tcp/139, and tcp/445. I'm pulling those off the top of my head, so I may be off. You'll also only want to accept traffic from SERVER on those ports also unless you want to share them with the internet at large. I would place a rule on my MainRouter to deny that traffic passing through the router (I'm taking for granted that MainRouter has a firewall or similar capabilities built in).
=======================================
Alternatively, you could add a NIC to SERVER (unless you have an unused NIC port already) and give it an internal IP and connect it to the inside of WirelessRouter. You would need to make sure you just use that for your SMB/CIFS traffic with a static route on SERVER.
I am assuming here that SERVER and NMT are on different subnets. SAMBA can do "cross-subnet" browsing using a WINS server setup (see SAMBA docs on Network Browsing), but if both devices are running Linux then why use SAMBA - you could use FUSE/sshfs to mount the NMT share and forget SAMBA for this task!
Don't get tangled up in IP configuration unnecessarily - use FUSE/sshfs (it is easy to set up!). You should have sshd running on NMT, and sshfs installed on SERVER. Set up port-forwarding for whatever port number you decide to use (say 7213) in your wireless router to direct traffic to NMT (192.168.1.x). From your server you can use basic command line "sshfs -p7213 username@x.x.x.83:/NMT_path_to_share /SERVER/media/NMT/share". You should consider setting up a trust between machines using ssh-keygen as described in SSHFS AUTOmount.
but if both devices are running Linux then why use SAMBA
Because windows machines behind the NAT also need access to the shares. Have I understood Samba correctly?
Quote:
For smb it would be better to create a VPN tunnel.
I don't need SAMBA access over the internet, just a connection between a public IP range and a subnet on an internal IP range, all behind my firewall and on my own 'internal network'. There are a few services on the NMT which I can port forward when I get this working.
@wernl, thanks a lot for your detailed reply, I think you have grasped the problem correctly, so I will read through it carefully and have a go. I'll report back when I get stuck! I'm sure I have a spare NIC somewhere so maybe that's an option if I'm struggling.
Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place.
I've reported this post suggesting the ones from the thread in Linux-Server be merged here, rather than simply closing this duplicate thread.
In the future, if you found that you posted in the wrong forum, you can report your own thread and request it be moved.
Understood and apologies again... as I worked through the issue I thought that the thread was better placed in the other board, but here is also fine by me.
There was a good reply in the other thread which I paste here in case it's of use to anyone else in the same situation. I'm going to try this next, as the IP routing thing didn't work for me (I am probably doing something silly) so if the following works I'll let you know.
Quote:
Don't get tangled up in IP configuration unnecessarily - use FUSE/sshfs (it is easy to set up!). You should have sshd running on NMT, and sshfs installed on SERVER. Set up port-forwarding for whatever port number you decide to use (say 7213) in your wireless router to direct traffic to NMT (192.168.1.x). From your server you can use basic command line "sshfs -p7213 username@x.x.x.83:/NMT_path_to_share /SERVER/media/NMT/share". You should consider setting up a trust between machines using ssh-keygen as described in SSHFS AUTOmount.
You should have sshd running on NMT, and sshfs installed on SERVER.
I think so; just to check, I can ssh into the NMT from my laptop on the same net (192.186.1) which means sshd is running, right?
Quote:
Set up port-forwarding for whatever port number you decide to use (say 7213) in your wireless router to direct traffic to NMT (192.168.1.x).
I did this in the Forwarding -> Virtual Servers section on the wirelessRouter's web admin pages:
Code:
Service Port: 7213
IP Address: 192.168.1.102
Protocol: ALL
Status: Enabled
Quote:
From your server you can use basic command line "sshfs -p7213 username@x.x.x.83:/NMT_path_to_share /SERVER/media/NMT/share".
I get:
Code:
user@server:~> sshfs -p7213 nmt@x.x.x.83:/share /media/pch/
read: Connection reset by peer
And I just tried it as root and same thing. (Obviously I am replacing the x's with the proper IP!)
Quote:
You should consider setting up a trust between machines using ssh-keygen as described in SSHFS AUTOmount.
I created a key using ssh-keygen:
user@server:~>ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa.pub
And it does its thing, and says:
Code:
Generating public/private rsa key pair.
/home/user/.ssh/id_rsa.pub already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.pub.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.pub.
The key fingerprint is:
x:x:x:x:x:x:x:x:x:x:x:x:x:x:x:x user@server
The key's randomart image is:
blah
then I did:
Code:
cat ~/.ssh/id_rsa.pub
Which spat out a load of numbers and letters which I pasted into:
~/.ssh/authorized_keys
on the NMT (after the one which is already there for my laptop to enable me to ssh into the box from my laptop)
First I forwarded the port that Dropbear (sshd) is listening on instead of the random one (I'll change that to a random one once I figure out how, and get this working), and I was able to connect, but was refused as the key was wrong.
I managed to ssh into the NMT from the SERVER with an rsa key generated (I think I have my head around how that works now!). At first I had a passphrase, and that asked for the passphrase when I tried to log in and it worked. Then after not succeeding at the mount part, I recreated a new rsa key without a passphrase, and the result was the same:
Code:
user@SERVER:~> ssh -v nmt@x.x.x.83
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to x.x.x.83 [x.x.x.83] port nn.
debug1: Connection established.
debug1: identity file /home/ninan/.ssh/id_rsa type 1
debug1: identity file /home/ninan/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version dropbear_0.52
debug1: no match: dropbear_0.52
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'x.x.x.83' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /home/ninan/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_GB.UTF-8
nmt@PCH-A110 nmt$
Since Dropbear (the default ssh server) apparently does not support sshfs, you will need to install and run Openssh instead. This in turn requires Optware. Obviously you should have a drive attached to your router to have something to share, so a router with a usb port is necessary.
Note from Manuel: I managed to use sshfs with the default ssh by installing the "openssh-sftp-server" package and passing the path to the sftp-server as command-line option "-o sftp_server=/opt/libexec/sftp-server" to sshfs.
I can't find an "openssh-sftp-server" package for OpenSuse11.2, but there was a 'vsftpd' which I installed, and also a 'libcsync-plugin-sftp', so I installed those too, but still no joy.
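The note quoted in the last post (Dropbear plus a separately installed sftp-server, passed to sshfs with "-o sftp_server=") can be turned into a small check that reads an `ssh -v` transcript and prints the sshfs command to try. This is an added example, not part of the thread; the sample log is constructed from the debug output above, the function names are hypothetical, and the helper path /opt/libexec/sftp-server is the one quoted in the note and is assumed to exist on the NMT.

```shell
#!/bin/sh
# Added example (not from the thread): choose an sshfs invocation from the
# `ssh -v` transcript of a login that already works.

# Constructed sample, modelled on the debug output quoted in the thread.
sample_log() {
cat <<'EOF'
debug1: Connecting to x.x.x.83 [x.x.x.83] port nn.
debug1: Remote protocol version 2.0, remote software version dropbear_0.52
debug1: Authentications that can continue: publickey
debug1: Authentication succeeded (publickey).
EOF
}

# Print the server software string announced during the version exchange.
remote_software() {
    printf '%s\n' "$1" |
        sed -n 's/^debug1: Remote protocol version [0-9.]*, remote software version //p' |
        head -n 1
}

# Print the sshfs command to try.
# Args: log text, port, user@host:/path, mount point, and optionally the
# remote sftp-server path (assumption: the path quoted in the thread).
sshfs_command() {
    sc_log=$1; sc_port=$2; sc_remote=$3; sc_mnt=$4
    sc_sftp=${5:-/opt/libexec/sftp-server}
    # A shell login must work first; sshfs uses the same authentication.
    if ! printf '%s\n' "$sc_log" | grep -q '^debug1: Authentication succeeded'; then
        echo "no 'Authentication succeeded' in log: fix the ssh login first" >&2
        return 1
    fi
    case $(remote_software "$sc_log") in
        dropbear*)
            # Dropbear ships no SFTP server of its own, so a shell login can
            # succeed while sshfs is reset. Name the helper binary explicitly.
            printf 'sshfs -p %s -o sftp_server=%s %s %s\n' \
                "$sc_port" "$sc_sftp" "$sc_remote" "$sc_mnt" ;;
        *)
            printf 'sshfs -p %s %s %s\n' "$sc_port" "$sc_remote" "$sc_mnt" ;;
    esac
}

sshfs_command "$(sample_log)" 7213 nmt@x.x.x.83:/share /media/pch
```

The sftp-server binary has to be present on the NMT itself (the machine running Dropbear); packages installed on SERVER do not provide it.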