How to mount smb over ssh tunnel to host?

I have tunneled mixed linux and windows clients to a 'within-firewall client' (that could access the share's host) before, so I know that that, at least, is possible.

But what about tunneling directly from the client to the host of the network share?

Can I have samba listen on port, say, 5559 (just an example), and only accept connections from localhost, and tunnel a client's 5559 to that host - so that the client appears to be connecting from host's localhost? I can't figure out how to set it up. So far, I have samba configured:

hosts allow = 127.0.0.1 ::1 lo
interfaces = lo 127.0.0.1
bind interfaces only = yes
And I'm tunneling from the host:

ssh -R 5559:localhost:5559 shrusr@shrhost -Nf
However, if samba is already running, than TCP forwarding fails. If the tunnel is already running, than samba cannot start. Is what I'm trying to accomplish possible? Is there some other way to do it?

It seems like it should work - I can even netcat myself files across that ssh tunnel. So, netcat has no problem listening to the same port as ssh. Only smbd refuses, and also blocks ssh from that port if started first.

Any advice would be appreciated.
Saburouta MishimaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
the difficulty you when mapping a an SMB share, I am uncertain you can direct the requests to flow to a port other than expected, you could setup a you need an SSL or IPSEC vpn that .. a socks proxy, but not sure whether you could ...


you could try creating a tunnel localhost:5559 to the remotehost:445
but the issue is how to use/specif in the mapping \\localhost:5559\sharename.

The issue I think is a functional one. Have you looked at SSL VPN or ipsec VPN
in a maner of speaking you need a clear path to the destination port 445
\\someip\someshare that will traverse the tunnel.

After some thinking, perhaps someone already needed this particular setup and .....

https://www.simonholywell.com/post/2009/04/samba-file-share-over-ssh-tunnel/

see if this helps you.
0
Saburouta MishimaAuthor Commented:
I tried adapting the concepts from the link to doing it with Windows and Putty. No luck. Since that link is about a fairly automatic setup, it's actually not all that useful.
0
murugesandinsShell_script Automation /bin/bash /bin/bash.exe /bin/ksh /bin/mksh.exe AIX C C++ CYGWIN_NT HP-UX Linux MINGW32 MINGW64 SunOS Windows_NTCommented:
Writing the comment for
closing this question (last comment on 2017-11-12)
which will be performed if inactive more than 14 days.
0
Saburouta MishimaAuthor Commented:
This cannot be done. SSH tunnels over TCP and is therefore unable to correctly route all cifs traffic.

I will move on to trying to use OpenVPN instead of SSH.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Saburouta MishimaAuthor Commented:
This cannot be done.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.