
Need Help with Putty and SSH tunneling to SMB


Shanzhaii

Neophyte
Joined
Sep 3, 2016
Messages
7
Hey everyone!

First off, I have to thank the awesome community which allowed me to learn so much in so little time.

Here is my setup:
I have an old computer running FreeNAS 9.10.1 on 192.168.1.14 with SSH
router forwarding SSH connections on port 10987 to the server
no IP for a dyn DNS service
I am in Europe, using an ISP which does not allow me to connect to my network from the internet when I am locally in the network (sorry for the bad explanation :confused:): testing is done locally, but some things could therefore be different
the SSH clients are running Windows (using PuTTY)

My goal is to use a Samba share on university computers, which support "add network location" on Windows, but all this tunneling through SSH. Needless to say, I do not have administrator rights on those PCs, so no editing drivers or creating a loopback network controller ;).

To test SSH tunneling, I was trying to create a tunnel to access the web GUI (running on port 4567). Everything works with PuTTY's tunnel section as so:

I can connect to the web GUI with http://localhost:5001

However, if I try using a command to establish the connection, such as ssh -L 5001:192.168.1.14:4567 192.168.1.14 -p 10987, nothing happens in my web browser.
Adding -f and -N does not help.
I cannot figure out the problem, so please help.

While I am at it, I'll ask a couple more questions. :rolleyes:

- Since 445 is the port used for SMB, this is the one I will need to tunnel, right? (Or maybe 139?) That means I need root rights to tunnel. But it is the FreeNAS root right (not the client root)? So I can just use sudo, I guess.
- When trying to forward a port as root, it says permission denied (public key), and at one point it would ask for my password and, after entering it right, it would say permission denied (public key, password) (yes, I am using public key auth).
- I don't know what option to use for the PuTTY log. Also, should I look at the PuTTY log or the FreeNAS SSH log?

Thank you so much for your help

shan :)
 

Attachment: putty tunnel.png
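
Added example, not part of the original thread and not PuTTY or FreeNAS code: a small parser for the OpenSSH `-L [bind_address:]port:host:hostport` argument used in the first post, showing which end opens which port and when the listener needs privileges or is exposed. It assumes OpenSSH semantics on a Unix-like client (binding a port below 1024 needs root; no bind address means loopback only); `LocalForward`, `parse_local_forward` and `review` are names made up for this example.

```python
from dataclasses import dataclass

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

@dataclass
class LocalForward:
    bind_addr: str    # address the SSH *client* listens on
    listen_port: int  # port opened on the client machine
    dest_host: str    # host the SSH *server* connects to
    dest_port: int    # port the server connects to (e.g. 445 for SMB)

def _split(spec):
    """Split on ':' but keep [bracketed] IPv6 literals in one piece."""
    parts, buf, depth = [], "", 0
    for ch in spec:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        elif ch == ":" and depth == 0:
            parts.append(buf)
            buf = ""
        else:
            buf += ch
    return parts + [buf]

def parse_local_forward(spec):
    parts = _split(spec)
    if len(parts) == 3:               # no bind address given:
        parts.insert(0, "localhost")  # loopback only (GatewayPorts off, the default)
    if len(parts) != 4:
        raise ValueError(f"not a -L spec: {spec!r}")
    bind, lport, host, hport = parts
    lport, hport = int(lport), int(hport)
    if not (0 < lport < 65536 and 0 < hport < 65536):
        raise ValueError(f"port out of range in {spec!r}")
    return LocalForward(bind or "*", lport, host, hport)

def review(spec):
    """Return the parsed forward plus notes on privilege and exposure."""
    f, notes = parse_local_forward(spec), []
    if f.listen_port < 1024:
        notes.append("privileged listen port: a Unix-like client must run ssh as root")
    if f.bind_addr not in LOOPBACK:
        notes.append("listener is reachable from other hosts, not just this machine")
    return f, notes

if __name__ == "__main__":
    for s in ("5001:192.168.1.14:4567", "445:192.168.1.14:445"):
        print(s, "->", review(s))
```

The destination port (4567 or 445 here) is only ever connected to by the SSH server as an ordinary outbound connection; the privilege question applies to the listening port on the client.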

JoshDW19

Community Moderator
Administrator
Moderator
iXsystems
Joined
May 16, 2016
Messages
980
Bumping this for @Shanzhaii. Can anyone lend a hand on this issue?

Thanks!
 

Shanzhaii

Neophyte
Joined
Sep 3, 2016
Messages
7
Unfortunately no, because the point of the server is to be able to directly work on it through the add network location option. For example, with a Catia document, instead of having to save the file to work on, work on it, and then reupload, we can just work on it directly. It therefore has to be SMB because SMB is the only option which supports working directly onto a server, without installing any programs. I want to use SSH because I do not want to keep port 139 or 445 open due to obvious security issues.

Sorry if the description was unclear. I do realize this is an extremely complicated and precise situation, but I want to know if it is even remotely possible

Thank you for your reply,
Shan
 

Ericloewe

Not-very-passive-but-aggressive
Moderator
Joined
Feb 15, 2014
Messages
17,452
For example, with a Catia document, instead of having to save the file to work on, work on it, and then reupload, we can just work on it directly.
Woah, that's a recipe for a very bad day on a local network. I don't want to imagine doing it over the internet. I think I'd rather tunnel an X11 session running whatever software is needed than try to edit CAD stuff that's stored remotely.

Have you tried this over the local network? Does it work in a halfway acceptable manner?
 

Shanzhaii

Neophyte
Joined
Sep 3, 2016
Messages
7
Yes, I do understand the issues you are raising: I am guessing you are saying it is unsafe to work directly on a server, just like it is unsafe to work on a USB key... (hopefully that's what you meant?). But don't worry, we are talking very important school projects, so backups and snapshots will be made. Also, same problem, I cannot use X11 because it defeats the purpose of working on the school computers, more powerful than my small laptop and better screens.

On a local network, I can create a tunnel just fine (for the web GUI, as said in my first post), but I have tried ports 139 or 445 for SMB and if I go into \\localhost\share_name, nothing shows up.
The problem is that I do not have my logs right, so I cannot see what is wrong. Probably just some administrative issues since I am dealing with privileged ports.

I have seen on other forums people tunneling SMB, but they always add a Windows loopback and connect to that instead of localhost, and change drivers to use an unprivileged port.
Is it even possible to skip both of these steps?

Thanks,
Shan
 

Ericloewe

Not-very-passive-but-aggressive
Moderator
Joined
Feb 15, 2014
Messages
17,452
Yes, I do understand the issues you are raising: I am guessing you are saying it is unsafe to work directly on a server,
Not unsafe, but painfully slow.
 

Ericloewe

Not-very-passive-but-aggressive
Moderator
Joined
Feb 15, 2014
Messages
17,452
It's not about compression, it's about latency. Bandwidth too, to a lesser extent, but it's generally latency that kills this kind of thing. Adding internet latency would only make things worse, hence the suggestion of trying it locally to see if that absolute best case is vaguely acceptable.
 

Shanzhaii

Neophyte
Joined
Sep 3, 2016
Messages
7
OK then, but I need help setting the tunnel up. First of all, do I need to use root as we are dealing with privileged ports? And I need to know if I should forward port 139 or 445. Also, how do I get logs working; which PuTTY option should I choose?

Shan
 

Ericloewe

Not-very-passive-but-aggressive
Moderator
Joined
Feb 15, 2014
Messages
17,452
OK then, but I need help setting the tunnel up.
No, I mean without tunnels. Just access the share directly. If that performs acceptably, then we can figure this one out.
 

Shanzhaii

Neophyte
Joined
Sep 3, 2016
Messages
7
Oh yes, no worries, accessing directly is performing very well, especially compared to FTP. Keep in mind the files we will be dealing with are quite small as well. But SMB performs very well, even over the internet (yes, I did try: SHAMMMMEEE)
 