[wplug] samba-like access "From the outside"

Bill Moran wmoran at potentialtech.com
Fri Mar 26 14:43:50 EST 2004


Brandon Kuczenski wrote:
> Now that 301south.net is actually a multi-user (well, two-user) system I
> would like to change a couple things -- I have setup my home computer
> (Windows) to mount my home directory on login via samba.  That's secure
> because the SMB ports are blocked on the outside-world ethernet interface,
> but not the internal one.  What I'd like to do is enable remote users to
> connect to their home directories without opening holes in my firewall for
> the SMB ports.
> 
> The only thing I can think of so far is setting up SSH tunneling for all 
> the SMB ports so that once someone [in this case, my girlfriend] connects 
> to the system, she can then mount her home directory as a drive from a 
> windows computer.  Is there a better way to do this?  Will this even work?

You've got the basic idea right, but ssh may not be the best tool.

Probably the easiest to get working for Windows machines is PPTP, which is
a VPN system that uses Windows dial-up networking.  Unfortunately (in my
experience) PPTP is slow, and unreliable.  But setting it up is usually
pretty easy.

Probably the best way to do this is IPsec.  I don't have any experience
setting up remote machines to connect via IPsec, but it should be able to
do it ... although configuration can be a bear.

On a related note ... you don't know how slow your Internet connection is.
Trust me.  The biggest problem you'll have is that when your g/f connects
via the VPN, she'll get so frustrated with how slow everything is that
she'll stop using it.  I guess SMB is a very inefficient protocol (since
it was designed for LANs with 100mb/sec links) and it doesn't work worth
a damn across a 128k DSL line (sure, you've got 1.5m/sec on the download,
but what's your uplink speed?) and it is only bearable across a 1.5m/sec
line (Don't believe me?  How many people do you know who complained because
they were on the 10mb/sec leg of a business network ... once they saw
what it was like on the 100mb/sec legs!)

In my (professional) opinion, you'll be better off using something like
rsync to synchronize her local directory with the server at connection/
disconnection time ... Or force her to use a lightweight file-sharing
protocol like ftp (not secure, though ...).

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com



