Objective: Enable Windows machines on the local network to use file servers in a remote LAN.

Author: Ray Sin ray@in51.com
URL: http://ray.in51.com/linux/remote-smb.htm
All rights reserved.

Last updated: 2008-03-15

Table of Contents:
1. Build ssh tunnels between *nix servers in each LAN.
2. Real world problems and workarounds
3. Related commands.


1. Build ssh tunnels between *nix servers in each LAN.

Description:
Inspect the local *nix server; if SAMBA is running on it, bind SAMBA to the real IP only;
create IP aliases; then ssh-tunnel ports 139 and 445 of each IP alias to the remote file
servers.

In the following example, the local server runs FreeBSD; there is SAMBA on the remote *nix server and one more file server in the remote LAN. Nothing restricts you from building an n-to-n setup of LANs and file servers.

Naming: vr0 is the network card in the FreeBSD machine; ssh.server is the remote server,
whose IP is defined in the local file /etc/hosts or resolved over the real Internet.

To tell SAMBA in FreeBSD to ignore those aliases:
root@fb1[~]$ vi /usr/local/etc/smb.conf

   interfaces = vr0 lo0
   bind interfaces only = yes

To boot with aliases:
root@fb1[~]$ vi /etc/rc.conf

ifconfig_vr0_alias0="inet 192.168.0.98 netmask 255.255.255.255"
ifconfig_vr0_alias1="inet 192.168.0.99 netmask 255.255.255.255"

root@fb1[~]$ reboot

To make a batch file that starts the tunnels:
root@fb1[~]$ vi /root/mk_tunnel.bat

ssh -f -L 192.168.0.98:139:127.0.0.1:139 ssh.server sleep 99999
ssh -f -L 192.168.0.98:445:127.0.0.1:445 ssh.server sleep 99999
ssh -f -L 192.168.0.99:139:192.168.1.28:139 ssh.server sleep 99999
ssh -f -L 192.168.0.99:445:192.168.1.28:445 ssh.server sleep 99999

In the lines above, 192.168.0.x are the local IP aliases; 127.0.0.1:139 is SAMBA on the
remote server, now associated with local 192.168.0.98; 192.168.1.28:139 is the file server
in the remote LAN, now associated with local 192.168.0.99; port 445 is needed to cater for
XP Home and Vista Home.

To run the batch:
root@fb1[~]$ chmod +x /root/mk_tunnel.bat
root@fb1[~]$ /root/mk_tunnel.bat


2. Real world problems and workarounds

a. There is no way to associate a netbios name on behalf of the remote file server into
  the browse list (network neighborhood). If you can, please let me know. I have tried to
  add lines into the SAMBA data file with no luck.

b. Some versions of Windows, e.g. Vista Home and XP Home, cannot NET VIEW or
  NET USE the remote netbios name.
  Workaround: also tunnel port 445 along with 139 and NET USE first.


3. Related commands.

To close all tunnels (this kills every ssh client process on the machine, not only the tunnels):
root@fb1[~]$ killall ssh

To close an individual tunnel, check the pid first, then kill that pid:
root@fb1[~]$ ps fax|grep ssh
99017  ??  Ss     0:00.23 ssh -f -L 192.168.0.98:139:127.0.0.1:139 ssh.server sleep 99999
99018  ??  Ss     0:00.23 ssh -f -L 192.168.0.98:445:127.0.0.1:445 ssh.server sleep 99999
99019  ??  Ss     0:00.58 ssh -f -L 192.168.0.99:139:192.168.1.28:139 ssh.server sleep 99999
99020  ??  Ss     0:00.58 ssh -f -L 192.168.0.99:445:192.168.1.28:445 ssh.server sleep 99999
root@fb1[~]$ kill -9 99019; kill -9 99020

To avoid ssh asking for a password:
root@fb1[~]$ ssh-keygen
root@fb1[~]$ scp .ssh/id_rsa.pub ssh.server:.ssh/client.pub
root@fb1[~]$ ssh ssh.server
root@ssh.server[~]$ cd .ssh
root@ssh.server[~/.ssh]$ cat client.pub >> authorized_keys
Press ctrl-D to logout
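
The tunnel script and the password-less key above, combined in one added example (not part of the original page): it prints a single ssh command carrying all four forwards, plus the authorized_keys options that limit that key to exactly those destinations. It assumes an OpenSSH version that supports "restrict" in authorized_keys and swaps the page's "sleep 99999" for -N; the function and variable names are made up for the example.

```sh
#!/bin/sh
# Added example: build the tunnel command and the matching key restrictions
# from one mapping table. Addresses are the sample values used on this page.
# One line per file server: "<local alias IP> <target as seen from ssh.server>"
TUNNEL_MAP='192.168.0.98 127.0.0.1
192.168.0.99 192.168.1.28'
SMB_PORTS='139 445'

# Call "$1 <local_ip> <target> <port>" for every mapping and every SMB port.
each_forward() {
    echo "$TUNNEL_MAP" | while read -r local_ip target; do
        [ -n "$local_ip" ] || continue
        for port in $SMB_PORTS; do
            "$1" "$local_ip" "$target" "$port"
        done
    done
}

fmt_forward() { printf ' -L %s:%s:%s:%s' "$1" "$3" "$2" "$3"; }
fmt_permit()  { printf ',permitopen="%s:%s"' "$2" "$3"; }

# One ssh process for all forwards. -N requests no remote command, BatchMode
# fails instead of prompting, ExitOnForwardFailure aborts if a port cannot be
# bound, and the ServerAlive options end a dead session after about 90 seconds.
tunnel_cmd() {
    printf 'ssh -f -N -o BatchMode=yes -o ExitOnForwardFailure=yes'
    printf ' -o ServerAliveInterval=30 -o ServerAliveCountMax=3'
    each_forward fmt_forward
    printf ' %s\n' "$1"
}

# Options placed in front of the public key in authorized_keys on ssh.server:
# no PTY, agent or X11 forwarding, and port forwarding only to the mapped targets.
key_options() {
    printf 'restrict,port-forwarding'
    each_forward fmt_permit
    printf '\n'
}

tunnel_cmd ssh.server
key_options
```

Run the printed ssh command on fb1, and put the printed options, followed by a space, in front of the client.pub key line in authorized_keys on ssh.server.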

To access the remote file server, on the local Windows machine run \\192.168.0.98
To access the second, on the local Windows machine run \\192.168.0.99
To permanently map a protected share:
  net use z: \\192.168.0.98\accounts password /user:username /pers:yes

To add aliases by command:
root@fb1[~]$ ifconfig vr0 inet 192.168.0.98 netmask 255.255.255.255 alias
root@fb1[~]$ ifconfig vr0 inet 192.168.0.99 netmask 255.255.255.255 alias

To remove an IP alias by command:
root@fb1[~]$ ifconfig vr0 inet 192.168.0.99 -alias

To restart SAMBA in FreeBSD:
root@fb1[~]$ /usr/local/etc/rc.d/samba restart

To allow ping by netbios name (sorry, local netbios name only):
root@fb1[~/.ssh]$ vi /etc/nsswitch.conf
change the line "hosts: files dns" to "hosts: files dns wins"