Ports for NAT'ed Windows share

9

2

Simple question: I have a NATed Linux at home that hosts a couple of Samba shares. What ports should I forward from the router to the Linux box so as to be able to access those shares from the internet with Windows Explorer (a la "\\my.dyndns.org\shares\xxx" style)? I want the minimum number of port openings that I should do in the router config to have read/write functionality.

EDIT: Client machine is a Vista one

Paralife

Posted 2011-04-14T08:09:44.400

Reputation: 253

Answers

10

  • TCP 139, "NetBIOS Session" – SMB wrapped in NetBIOS for compatibility
  • TCP 445, SMB – the preferred method, SMB directly over TCP
  • ICMP Echo (Ping) – used by Windows to check whether the machine is up.

"NetBIOS Name Service" is TCP/UDP 137, and "NetBIOS Datagram" is UDP 138, but you do not need any of these to connect to shares. These days it is only necessary for "network browsing", which only works within a LAN anyway.

user1686

Posted 2011-04-14T08:09:44.400

Reputation: 283 655

Aha, you're right. Although my 'answer' would have worked I think, I've edited it to the preferred solution. I still reckon OpenSSH is a better way to go. – Pricey – 2011-04-14T09:35:23.260

1

Vista has a problem making 445 work with forwarding. See my answer for a nice solution link about how to do CIFS over SSH on Vista. – Paralife – 2011-04-14T13:44:17.573

3

445 for tcp

Contrary to the original answer here, there's no reason to allow 137-139 which should be blocked.

However, I strongly recommend you do not do this. I don't think leaving a samba share internet-accessible is a good idea.

Please please please set up a secure solution such as an ssh server, so that you can scp/sftp data back and forth.

P.S. http://support.microsoft.com/kb/832017 seems to be a good reference of ports required by Windows servers and http://www.petri.co.il/whats_port_445_in_w2k_xp_2003.htm explains the above a little more in depth.

Pricey

Posted 2011-04-14T08:09:44.400

Reputation: 4 262

There is nothing wrong in opening WAN against TCP 445 as long as you set up the firewall to allow specifics – mschr – 2016-11-17T03:27:39.210

@mschr So in summary, there is something wrong with opening 445 on the WAN unless you set up further restrictions. ;-) – Pricey – 2016-11-21T14:57:56.237

Thanks, I am so ** stupid, I've been trying all day, but forgot UDP... – Paralife – 2011-04-14T08:32:16.267

Also for the security issue I'll try to do it over ssh tunnels. Wouldn't this be secure enough? – Paralife – 2011-04-14T08:32:55.410

...btw, can ssh tunneling handle udp connections? – Paralife – 2011-04-14T08:36:50.180

1

Tunneling samba through ssh is certainly possible, here's a guide: http://www.axllent.org/docs/networking/samba_over_ssh

– Pricey – 2011-04-14T08:39:49.730

I've edited my answer after grawity's answer as he makes a good point, even if my answer would have worked. – Pricey – 2011-04-14T09:36:54.150

1

139 is not for browsing... Older Windows versions use it for the SMB protocol, wrapped inside a NetBIOS session. So it has exactly the same security issues as 445 (raw SMB). – user1686 – 2011-04-14T10:44:38.557

Bah leave me alone, I'm going back to Linux! :-) (post edited) – Pricey – 2011-04-14T10:48:08.047
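An added example, not part of any post in this thread: a Python check of a router's port-forward list against the port roles given in the two answers above (TCP 445 and 139 carry SMB, 137/138 are only for LAN browsing, and an SMB forward without a source restriction is the exposure the second answer warns about). The rule tuple format, the function names and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Port roles as stated in the answers above.
SMB_PORTS = {
    ("tcp", 445): "SMB directly over TCP",
    ("tcp", 139): "SMB wrapped in a NetBIOS session",
}
# NetBIOS name service / datagram: not needed to connect to a share.
BROWSING_ONLY = {("tcp", 137), ("udp", 137), ("udp", 138)}

def audit_forwards(rules):
    """rules: iterable of (proto, port, source_cidr) tuples (hypothetical format).
    Returns a sorted list of (port, proto, finding) tuples."""
    findings = []
    for proto, port, source in rules:
        key = (proto.lower(), int(port))
        net = ipaddress.ip_network(source, strict=False)
        if key in BROWSING_ONLY:
            findings.append((key[1], key[0],
                             "unneeded: NetBIOS name/datagram, LAN browsing only"))
        elif key in SMB_PORTS:
            if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0 means any source
                findings.append((key[1], key[0],
                                 "exposed: " + SMB_PORTS[key] + " open to any source"))
            else:
                findings.append((key[1], key[0],
                                 "restricted: " + SMB_PORTS[key] + " limited to " + str(net)))
    return sorted(findings)

def share_reachable(rules):
    """True if at least one forward carries SMB (TCP 445 or TCP 139)."""
    return any((p.lower(), int(port)) in SMB_PORTS for p, port, _ in rules)

# Constructed sample rules; 203.0.113.0/24 is a documentation address range.
SAMPLE_RULES = [
    ("tcp", 445, "0.0.0.0/0"),
    ("tcp", 139, "203.0.113.0/24"),
    ("udp", 137, "0.0.0.0/0"),
    ("udp", 138, "0.0.0.0/0"),
    ("tcp", 22, "0.0.0.0/0"),
]

if __name__ == "__main__":
    for port, proto, finding in audit_forwards(SAMPLE_RULES):
        print(f"{proto.upper()} {port}: {finding}")
```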

-1

OK here is a guide that could make my grandma do it in 5 mins. Worked without a glitch

Paralife

Posted 2011-04-14T08:09:44.400

Reputation: 253