This is probably something simple and I'll kick myself later ... I've moved a computer that does Samba shares to a different network and IP. Now I can't connect to it. I can ssh, http and POP/SMTP to it, but not samba mount. All I get in my /var/log/messages file is:
Code:
CIFS: Attempting to mount \\24.142.999.99\trashbin
I'm doing:
Code:
mount -t cifs -o username=me,password=mypass,uid=myuser,gid=users,_netdev //24.142.999.99/trashbin /mnt/trash
Hopefully 24.142.999.99 is a made-up address, since it is not a valid IP.
Yes, it is fake.
Quote:
Please check /proc/filesystems. If cifs is not present, you may need to load filesystem support with:
Code:
sudo modprobe cifs
If that was the problem you can add an entry to /etc/modules-load.d/ to automatically load the cifs module at boot.
cifs was not present, but this same config worked fine before I moved the computer. Nevertheless, I tried the modprobe cifs (and verified it was loaded). It didn't help.
Quote:
Originally Posted by michaelk
Define what you mean by move to another network.
I mean that I had this on my local LAN with IP 192.168.0.15. Then I physically moved this computer to another location with a public/static IP. As mentioned, all other ports work.
Quote:
Do you have a specific hosts allow directive in your smb.conf?
I did not, but I added one to smb.conf. No go.
I have ports 139 and 445 configured with iptables. Doing 'telnet localhost 139' (or 445) works. Doing 'telnet FQDN 139' (or IP) does not. Do you suppose the ISP is blocking these ports?
Did you check your "interfaces" setting in smb.conf? There you can set it to only listen on certain interfaces, certain subnets, on a certain address. If those are set and you change network without re-setting it to match you would expect this behavior.
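Added example (not part of the thread, and not Samba's own code): a simplified model of how `interfaces` together with `bind interfaces only` decides which local addresses smbd serves, showing how a config left over from the old LAN produces "localhost works, public address does not". The smb.conf text, the interface names and the address 203.0.113.10 are constructed for illustration.

```python
import configparser
import fnmatch
import ipaddress

# Constructed smb.conf left over from the old LAN (sample input, not from the thread).
SAMPLE_CONF = """\
[global]
workgroup = WORKGROUP
interfaces = lo 192.168.0.15/24
bind interfaces only = yes

[trashbin]
path = /tmp/trash
"""

def smbd_bind_addresses(conf_text, local_ifaces):
    """Return the local addresses smbd would accept SMB connections on.

    local_ifaces maps interface name -> IPv4 address (e.g. from `ip -o -4 addr`).
    Simplified model: interface names (with wildcards), plain IPs and IP/mask
    entries are matched; broadcast/mask entries are not handled.
    """
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)
    g = cp["global"] if cp.has_section("global") else {}
    bind_only = g.get("bind interfaces only", "no").strip().lower() in ("yes", "true", "1")
    entries = g.get("interfaces", "").replace(",", " ").split()
    if not bind_only:
        return sorted(local_ifaces.values())   # no restriction: every address
    if not entries:                            # Samba default: all but loopback
        return sorted(a for a in local_ifaces.values()
                      if not ipaddress.ip_address(a).is_loopback)
    bound = set()
    for name, addr in local_ifaces.items():
        for entry in entries:
            try:
                # IP or IP/mask entry: match any local address in that subnet
                hit = ipaddress.ip_address(addr) in ipaddress.ip_interface(entry).network
            except ValueError:
                hit = fnmatch.fnmatch(name, entry)   # interface name, e.g. eth0 or eth*
            if hit:
                bound.add(addr)
    return sorted(bound)

OLD_LAN = {"lo": "127.0.0.1", "eth0": "192.168.0.15"}
NEW_SITE = {"lo": "127.0.0.1", "eth0": "203.0.113.10"}   # constructed public address
```

With the sample config, `smbd_bind_addresses(SAMPLE_CONF, NEW_SITE)` yields only the loopback address, so a local `telnet localhost 139` connects while the same test against the public address does not. On a real host, compare this against the listening sockets reported by `ss -ltn`.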
IMHO it is a very bad idea to use SMB directly over the internet which is why ISPs block those ports. smb3 is better but is not 100% secure either IMHO. Better to use VPN. Even though you change ports the script kiddies will eventually find you.
I agree, that's why I am going to try to set up using NFS for now. If I can mount the NFS exports locally, I can then Samba/cifs share those NFS mounts on my local linux host for mapping by my local Windows computer. I've done this before.
Thus far I have configured the NFS export of the remote computer:
Code:
/tmp/trash 184.57.999.99(rw,no_root_squash,acl)
and opened port 2049 on the firewall.
I am running nfsd, rpc.mountd and rpc.statd. I can now mount via nfs:
Code:
# mount -t nfs -o noauto,nfsvers=4,rw,hard,intr remotehost.com:/tmp/trash /mnt/trash
Note that I needed nfsvers=4. Using nfsvers=3 I got the error:
Code:
mount.nfs: rpc.statd is not running but is required for remote locking.
mount.nfs: Either use '-o nolock' to keep locks local, or start statd.
even though rpc.statd was running.
I've also successfully Samba-shared this NFS mount and mapped it from my local Windows 10. All seems to work, but much slower than when this was all local.
I am not an expert in nfs security but you probably should be using version 4 with kerberos authentication over the internet. I suggest using a VPN like wireguard or OpenVPN. I thought about suggesting using sshfs -> samba share but I do not think that would be reliable.
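Added example (not part of the thread): a small audit of `/etc/exports` entries for the points raised here, namely `no_root_squash`, the default `sec=sys` (no Kerberos) and wildcard clients. The export lines are constructed sample input; the first follows the export shown earlier in the thread with its masked address replaced by the documentation address 203.0.113.20, and the issue names are this example's own.

```python
import re

# Constructed /etc/exports content (sample input, see lead-in).
SAMPLE_EXPORTS = """\
# path      client(options)
/tmp/trash  203.0.113.20(rw,no_root_squash,acl)
/srv/share  203.0.113.20(rw,sec=krb5p)
/srv/pub    *(ro)
"""

SPEC_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")

def audit_exports(text):
    """Return sorted (path, client, issue) tuples for risky export entries.

    Simplified reading of exports(5): one export per line, no quoted paths,
    no '-' default-option groups, no spaces inside the option list.
    """
    findings = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or [""]:               # a bare path exports to any host
            m = SPEC_RE.fullmatch(spec)
            if not m:
                continue                         # malformed entry, skip it
            client, opts = m.groups()
            client = client or "*"
            opts = [o.strip() for o in (opts or "").split(",") if o.strip()]
            sec = [o[4:].split(":") for o in opts if o.startswith("sec=")]
            flavors = sec[-1] if sec else ["sys"]   # exports(5) default is sec=sys
            if "no_root_squash" in opts:
                # root on the client acts as root on the exported tree
                findings.add((path, client, "no_root_squash"))
            if "sys" in flavors:
                # AUTH_SYS: the server trusts the UID/GID the client sends
                findings.add((path, client, "auth_sys"))
            if "*" in client or "?" in client:
                findings.add((path, client, "wildcard_client"))
    return sorted(findings)
```

For the sample, the first line is flagged for both `no_root_squash` and `auth_sys`, while the `sec=krb5p` line produces no findings.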
There is NO kind of drive sharing that is very secure over a wild network (the internet as one example). CIFS and NFS are fine in secure environments. Over a secured VPN they suck, can be problematic, and are still less than secure. SSHFS is my choice, and only brought up on-demand for short periods. I find better ways to operate than drive mounts wherever possible.
I figure we will invent a perfectly secure drive mount system one day, and two days later some hacker will figure out how to break it.
michaelk and wpeckham: Thanks for your feedback. Background: For 20 years I've had my main "work" computer in my home office with my own mail server on a dynamic IP. I've logged into that from a Linux workstation, also at home, running KDE and that workstation would mount some of the folders via cifs for access by Dolphin, Kate, etc. This workstation also runs a Windows 10 Virtual Machine, and the cifs mounts were useful for mapping these same folders for access by Windows. Originally, that was all on an internal 192.168.0.0/24 network.
Lately, services like gmail have been cracking down and not allowing mail from dynamic IPs. Therefore I had the choice of getting a static IP for my home office, or moving the main "work" server to an office location with a static business IP. I chose the latter ... for now.
So far things are working OK with the NFS mount to my linux workstation and cifs mounts from Windows to the linux workstation. I am using nfs v4. I'll add tunneling when I get a chance. I have restricted the nfs export to just my home IP address.
More feedback is welcome, but I think since my original question has been answered I should probably mark this as solved.