[SOLVED] Please HELP SMB over WAN

Discussion in 'Tomato Firmware' started by Yunus Sasendi, Apr 30, 2018.

  1. Yunus Sasendi

    Yunus Sasendi New Member Member

    Hi all..
    I Have Linksys E4200 which Tomato Shibby installed.
    I attached an USB disk. And activated Samba File Sharing.

    I want to access this Disk over WAN. I know the security risks about samba sharing over WAN.
    I tried to port forwarding for UDP 137-138 and TCP 139,445 to ROuters IP itself. But no sucess..

    Could someone please tell me how to I manage to access this USB disk attached to Router over WAN by writing "\\myDynamicDnsDomain\SharedFolderName" on windows "Run" Box.

    Thank you in advance...
     
  2. eibgrad

    eibgrad Network Guru Member

    Beware, many ISPs block these ports by default. Just too risky.
     
  3. Yunus Sasendi

    Yunus Sasendi New Member Member

    I know it's risky. And I checked with ISP and they said they don't block those ports.
    But I couldn't manage to open this ports.
    I tried to stop firewall but no success. I tried some iptables tutorials I found on internet but again no success..
    Please if somebody knows a way I need urgent help...
     
  4. Edrikk

    Edrikk Network Guru Member

    When you say "over WAN" is there a specific reason for wanting to do this over SMB vs say FTP using Tomato's Server? Or maybe setup OwnCloud on Tomato? (haven't tried this running of the router, but here's an old video from Shibby: http://tomato.groov.pl/?p=664 ).
     
  5. Yunus Sasendi

    Yunus Sasendi New Member Member

    Yes, there is a specific reason. I will only allow a single and I will locate only one file within SMB share.
    We have thousands of excel macros which we are using. And the macros are checking if the text file in samba share is updated. We are using this for years with an old zyxel brand router.. It was allowing that with GUI configuration. But we changed because of it's bandwith increasement. And we replaced it with Linksys E4200 which Tomato Shibby installed. I managed each and everything works except this..

    To use ftp or other solution is only will be possible by changing all macros in excel sheets. And this is not an option for me because of limitation of VBA and number of files(More than 10.000)

    Even I tried to disable firewall completeley but no luck.

    I found this:
    http://www.linksysinfo.org/index.php?threads/cifs-share-wan.72489/

    But it didn't worked..
    I need absolutely smb share wich can be accessed from wan port to attached USB drive.
     
  6. eibgrad

    eibgrad Network Guru Member

    The problem may be that the SMB server is only listening on the LAN network interface (br0) and NOT the WAN (again, for security reasons).

    I checked my own smb.conf file and found the following:

    Code:
    [global]
     interfaces = br0
     bind interfaces only = yes
    ...
    I'm not an expert on configuring SMB, but perhaps just adding the following to Samba Custom Configuration might work.

    Code:
    interfaces = br0 vlan2
    I'm assuming vlan2 is your WAN network interface. You'd have to execute the following from Tools->System Command to verify.

    Code:
    nvram get wan_iface
    If the addition to Samba Custom Configuration doesn't work, you may have to restart the SMB server (smbd) and specify the network interfaces as command line options (which should override anything in the config file).

    Code:
    killall smbd
    sleep 5
    smbd -D interfaces="br0 vlan2"
     
    Yunus Sasendi likes this.
  7. koitsu

    koitsu Network Guru Member

    No need for Custom Samba Configuration -- Sean B and I added this feature a while ago to the GUI. Just add the WAN interface to the list (space-delimited as noted) and it should change the config. The Notes section at the bottom explains what this GUI feature actually adds/controls in smb.conf.
     

    Attached Files:

    Last edited: May 1, 2018
    Yunus Sasendi, pomidor1 and eibgrad like this.
  8. Yunus Sasendi

    Yunus Sasendi New Member Member

    Thank you very much eibgrad
    And Thank you very much koitsu..

    You saved my life.. I was not sleeping for two days.

    I changed in GUI file sharing interfaces as : "br0 vlan2"
    I added below ip tables commands to my Firewall script.

    iptables -A INPUT -p udp -i vlan2 -m multiport --dports 137,138 -s XXX.XXX.XXX.XXX -j ACCEPT
    iptables -A INPUT -p tcp -i vlan2 -m multiport --dports 139,445 -s XXX.XXX.XXX.XXX -j ACCEPT

    XXX is my Remote Ip which will access to Samba Share ove VAN.

    and it's working like charm..

    Thanks guys. I can sleep now after two days..
     
    Edrikk likes this.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice