With Samba, you would have to expose ports 139/tcp and 445/tcp to the outside – usually this involves configuring "port forwarding" in your router. Additionally, you must make sure that your external IP address is pingable from the outside.
After this, you'll be able to access the shares by entering \\youraddress
in Explorer's address bar or in Start - Run. (Here youraddress is either your external IP address or your DNS name, if you have one.)
Note, however, that the CIFS and SMBv2 protocol used by Windows file sharing does not provide data encryption (so anybody with a packet sniffer can monitor your file transfers), and its authentication is not especially strong either. Only SMBv3 gained encryption support.
Also, don't forget that the Windows' SMB service has in the past been a very frequent infection target. While most Windows exploits do not affect Samba in any way, this is still worth remembering (and often means that the SMB ports get blocked at ISP level).
Also note that Windows machines by default remember the login credentials for the entire local session. Unless you're connecting to Samba as "Guest", you must take special care on public machines: always use net use \\address
before opening in Explorer / net use \\address /del
to disconnect. (This is not needed on personal computers.)
For some extra security, add the following to general section in smb.conf
:
LANMAN auth = no
NTLM auth = no
invalid users = root
zerotier is the way to go. – fie – 2019-05-09T21:37:45.430
For anyone reading this question in 2019 and beyond, I ended up deciding against this—partially because my ISP blocked the SMB ports, but mostly because, like others here have said, it's just a bad idea from a security standpoint. At the time I ended up renting a server and using SCP to upload files + nginx to serve them, which worked well enough. I've since switched to using Syncthing for these sorts of things, which is way easier to use and manage, especially for non-technical folks.
– Sasha Chedygov – 2019-05-10T19:54:26.917You really should use SCP. – kzh – 2011-07-17T21:53:35.170
@kzh: That's a little too complex for some of my family members. – Sasha Chedygov – 2011-07-17T21:55:09.547
WinSCP has Win Explorer integration: http://winscp.net/eng/docs/integration
– kzh – 2011-07-17T21:57:27.257@kzh: Well the whole point is to avoid having to install software to get it to work. Without that constraint, I would just use a VPN. – Sasha Chedygov – 2011-07-17T22:01:06.440
It's possible to carry WinSCP on a pendrive - preconfigure it for "easy" mode, give .exe/.ini to users. – user1686 – 2011-07-17T22:07:16.420
1Nothing personal regarding the accepted answer, but while that may have technically answered your question, I would NEVER do this. You are really exposing yourself, especially if you have anything sensitive on your network. I would say the right way is to set up a simple PPTP VPN for your family to connect to, and then let them have access. – KCotreau – 2011-07-17T22:50:33.857
1@KCotreau: There is a lot more to this question that I left out for the sake of simplicity. Let's just say that the data that we will be exposing is not in any way sensitive. I understand and accept the security risks--I just wanted a simple answer to my specific question. – Sasha Chedygov – 2011-07-18T00:39:38.063
1@musicfreak My concern is that it is a point of attack into other areas of computer, or even network as a whole. Obviously, you are free to do it however you want, but I still don't recommend it unless there is nothing on the computer, at least, not just the share. A very cool book is "Hacking Exposed". It shows just how much hackers attack these protocols. – KCotreau – 2011-07-18T00:51:03.583