
Samba outside-network (yes I saw pin)

Solved by Jarsky.

So, I have Samba installed on a Raspberry Pi with a USB Hard Drive for a NAS (as one does, of course), but I am confused about how I can remotely access it. I did read the pinned message, but it was a little confusing imo, and I’ve also seen things that say some things are more secure than others, slow speeds and latency could be introduced heavily, etc.

 

So what option do you guys think is the best combo of security, price (has to be less than cloud, preferably free obv), and just general overall happy-fun-time-i-ness. If you want me to switch to another file service instead of Samba, I would need a guide for how to set that up on RPi. Additionally, if you could provide a guide for how to do whatever option you would suggest for my situation, that would be helpful (and like one of the main reasons I am writing this).

 

Lastly, in case you select the port-forwarding option, I have attached an image of the port forwarding section on my router’s interface, so I would appreciate if you could tell me what to fill in those boxes.

 

Thanks!

 

 


You really don't want SMB over WAN, it's a bad idea.

Either put this over a VPN, or use something that's made for connections over WAN, so an HTTPS-based protocol; you can use something like NextCloud to make this easy, or something like scp.

 

 


9 minutes ago, IAmAFrenchFry said:

So what option do you guys think is the best combo of security, price (has to be less than cloud, preferably free obv), and just general overall happy-fun-time-i-ness.

Thanks!

 
 
3 minutes ago, Electronics Wizardy said:

You really don't want SMB over WAN, it's a bad idea. Either put this over a VPN, or use something that's made for connections over WAN, so an HTTPS-based protocol; you can use something like NextCloud to make this easy, or something like scp.

 
 
 

THIS. ^^^ I would strongly caution against exposing SAMBA/SMB over the internet due to security implications and inconvenience compared to using a more secure platform like NextCloud on your Raspberry Pi. There are quite a few guides out there if you search "Raspberry Pi NextCloud server" - I've linked the one that looks fairly straightforward below for you to get started.

https://pimylifeup.com/raspberry-pi-nextcloud-server/

 


Yup, you want to set up a VPN so you can become "internal" to your network before reaching it.

So I've actually just updated that post for the first time in 4? years. Don't make it available over the WAN. Depending on your gateway/firewall manufacturer, look at creating your own VPN solution.


@IAmAFrenchFry 

 

Why not install OwnCloud onto your RPi? To secure it, get a free SSL cert from https://letsencrypt.org


Sorry I had school and couldn’t respond.

 

Looks like a few people say NextCloud, and that SMB isn’t safe over WAN unless using a VPN. However, you haven’t given me a guide on how to do it with a VPN, so I don’t know how to take further action.

 

Thank you @kirashi for providing a guide; I’ll look into it.


1 hour ago, IAmAFrenchFry said:

Looks like a few people say NextCloud

Yeah, NextCloud or OwnCloud are fairly simple solutions to set up and are fairly secure with no known major vulnerabilities.

When I set up my NextCloud, it took me about 30 minutes to install & configure.

 

1 hour ago, IAmAFrenchFry said:

and that SMB isn’t safe over WAN unless using a VPN

SMB should never be exposed to the internet for WAN. Especially SMB/CIFS 1.0 as it has major security issues.

 

1 hour ago, IAmAFrenchFry said:

However, you haven’t given me a guide on how to do it with a VPN, so I don’t know how to take further action.

In a typical home setup, you only have a single network...so you create your SMB share internally as you would, and ensure that you can access it fine on your home network. 

Then it's just a case of installing a VPN server, and setting up a VPN client on your device you want to connect from. There's no special SMB related configuration required.

There's lots of how-tos on setting up VPNs, such as this one for OpenVPN Server on Raspberry Pi: https://www.pcmag.com/how-to/how-to-create-a-vpn-server-with-raspberry-pi

Thanks! Would one of these options be better than the other (NextCloud or VPN)?

They're different solutions.

NextCloud is a web browser solution, think of it like a web version of Dropbox.

You create users, and you map folders to your users of what they can/can't access, and they can upload/download files, they can also preview/edit documents and watch/listen to media via the plugins directly in the browser.

VPN is a network solution. When your VPN is connected, it's literally like you're connected to your network at home...e.g. it's just like you're on your home wifi. So you'd access things like you would at home, such as through File Explorer, play media through VLC, edit a word document through Word, etc....

Personally I use NextCloud for my solution as I might just want to share the odd document and create a shareable link to friends. Or occasionally access my media content from someone else's computer or a work computer, or a network that doesn't allow outgoing VPN connections.

So I decided to go with VPN option, however I notice in the guide that I still need to port forward the VPN port, but not an SMB port, which makes sense because typically when making VPNs accessing them is fun.

 

I’m assuming so, but just to be sure, still safe?

Yup, it's just a listen port. You need to forward the port, so that incoming connection requests for the VPN service get directed to your VPN server. 

So it says the port is 1194. Would I put that in the internal and external port boxes and my raspi address in the internal IP box? And set it to UDP?

Yeah, there's no reason to remap through non-standard port numbers with how efficient port scanning bots are these days.

So yeah UDP Port 1194 and everything as you've said, you got it 👊

Everything worked! Tysm!
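
A check for the configuration the thread arrives at (forward only UDP 1194 to the VPN server, never an SMB port), added here as an example and not written by any poster. The rule format, the `audit_forwards` and `is_smb_port` names and the 192.168.1.50 address are assumptions; copy your router's forwarding table into that format.

```shell
#!/usr/bin/env bash
# Audit a router port-forward table for the setup the thread settles on:
# only the VPN listen port (UDP 1194) is forwarded; SMB stays internal.
# Assumed rule format, one per line (mirrors the router form's boxes):
#   <proto> <external_port> <internal_ip> <internal_port>

SMB_PORTS="137 138 139 445"   # NetBIOS name/datagram/session, SMB over TCP
VPN_PROTO="udp"
VPN_PORT="1194"

# Succeeds when $1 is an SMB/NetBIOS port.
is_smb_port() {
    local p
    for p in $SMB_PORTS; do
        [ "$1" = "$p" ] && return 0
    done
    return 1
}

# Reads rules on stdin and prints one finding per rule.
# Returns 0 only when the VPN forward is the sole rule present.
audit_forwards() {
    local proto ext ip int vpn_seen=0 bad=0
    while read -r proto ext ip int; do
        case "$proto" in ''|'#'*) continue ;; esac
        proto=$(printf '%s' "$proto" | tr 'A-Z' 'a-z')
        if is_smb_port "$ext" || is_smb_port "$int"; then
            # A remapped external port still lands on the SMB service.
            echo "EXPOSED-SMB $proto $ext -> $ip:$int"
            bad=1
        elif [ "$proto" = "$VPN_PROTO" ] && [ "$ext" = "$VPN_PORT" ] \
                && [ "$int" = "$VPN_PORT" ]; then
            echo "OK-VPN $proto $ext -> $ip:$int"
            vpn_seen=1
        else
            echo "REVIEW $proto $ext -> $ip:$int"
            bad=1
        fi
    done
    if [ "$vpn_seen" -eq 0 ]; then
        echo "MISSING-VPN $VPN_PROTO $VPN_PORT"
        bad=1
    fi
    return "$bad"
}

# Constructed sample tables; 192.168.1.50 is a placeholder Pi address.
GOOD_RULES='udp 1194 192.168.1.50 1194'
BAD_RULES='tcp 445 192.168.1.50 445
tcp 4450 192.168.1.50 445
udp 1194 192.168.1.50 1194'

printf '%s\n' "$BAD_RULES" | audit_forwards || echo "forward table needs attention"
```

The second constructed rule shows why moving SMB to a different external port changes nothing: the forward still terminates on port 445 of the Pi.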
