Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
IAmAFrenchFry

Samba outside-network (yes i saw pin)

1 hour ago, IAmAFrenchFry said:

Looks like a few people say NextCloud

Yeah NextCloud or OwnCloud are fairly simple solutions to setup and are fairly secure with no known major vulnerabilities. 

When I setup my NextCloud, took me about 30 minutes to install & configure. 

 

1 hour ago, IAmAFrenchFry said:

and that SMB isn’t safe over WAN unless using a VPN

SMB should never be exposed to the internet for WAN. Especially SMB/CIFS 1.0 as it major security issues. 

 

1 hour ago, IAmAFrenchFry said:

However, you haven’t given me a guide on how to do it with a VPN, so I don’t know how to take further action.

In a typical home setup, you only have a single network...so you create your SMB share internally as you would, and ensure that you can access it fine on your home network. 

Then its just a case of installing a VPN server, and setting up a VPN client on your device you want to connect from. Theres no special SMB related configuration required. 

 

Theres lots of how-to's on setting up VPN's, such as this one for OpenVPN Server on Raspberry Pi: https://www.pcmag.com/how-to/how-to-create-a-vpn-server-with-raspberry-pi

Recommended Posts

Posted · Original PosterOP

So, I have Samba installed on a Raspberry Pi with a USB Hard Drive for a NAS (as one does, of course), but i am confused about how I can remotely access it. I did read the pinned message, but it was a little confusing imo, and i’ve also seen things that say some things are more secure than others, slow speeds and latency could be introduced heavily, etc.

 

So what option do you guys think is the best combo of security, price (has to be less than cloud, preferably free obv), and just general overall happy-fun-time-i-ness. If you want me to switch to another file service instead of Samba, I would need a guide for how to set that up on RPi. Additionally, if you could provide a guide for how to do whatever option you would suggest for my situation, that would be helpful (and like one of the main reasons I am writing this).

 

Lastly, in case you select the port-forwarding option, I have attached an image of the port forwarding section on my router’s interface, so I would appreciate if you could tell me what to fill in those boxes.

 

Thanks!

 

 

E285C7C3-05D1-4ACD-90E3-2A5738B972EC.thumb.jpeg.41da063071d1a3c20faec5bb45b21d96.jpeg

Link to post
Share on other sites
9 minutes ago, IAmAFrenchFry said:

So what option do you guys think is the best combo of security, price (has to be less than cloud, preferably free obv), and just general overall happy-fun-time-i-ness.

Thanks!

 
 
3 minutes ago, Electronics Wizardy said:

You really don't want smb over wan, its a bad idea. Either put this over a vpn, or use something that made for connections over wan, so a https based protocol, you can use something like nextcloud to make this easy, or something like scp.

 
 
 

THIS. ^^^ I would strongly caution against exposing SAMBA/SMB over the internet due to security implications and inconvenience compared to using a more secure platform like NextCloud on your Raspberry Pi. There are quite a few guides out there if you search "Raspberry Pi NextCloud server" - I've linked the one that looks fairly straightforward below for you to get started.

https://pimylifeup.com/raspberry-pi-nextcloud-server/

 


Desktop: KRySTaLoGi-PC Build Log (i7-4790K, RTX2060) Mobile: OnePlus 5T | Bell - Unlimited Calling & Texting + 10GB Data
Laptop: Dell XPS 15 9560 (the real 15" MacBook Pro that Apple didn't make) Tablet: iPad Mini 5 | HP Touchpad | ASUS ME302C
Camera: Canon SX280 + Rebel T1i (500D) | Sony HDR-AS50R | Panasonic DMC-TS20D Music: Spotify Premium (CIRCA '08)

Link to post
Share on other sites

Yup, you want to set up a VPN so you can become "internal" to your network before reaching it.


F@H
Desktop: i7-5960X 4.4GHz, Noctua NH-D14, ASUS Rampage V, 32GB, RTX2080S, 2TB NVMe SSD, 2x16TB HDD RAID0, Corsair HX1200, Thermaltake Overseer RX1, Samsung 4K curved 49" TV, 23" secondary

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB NVMe SSD RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Dell XPS 2 in 1 2019, 32GB, 1TB, 4K

 

GPD Win 2

Link to post
Share on other sites
1 hour ago, IAmAFrenchFry said:

So, I have Samba installed on a Raspberry Pi with a USB Hard Drive for a NAS (as one does, of course), but i am confused about how I can remotely access it. I did read the pinned message, but it was a little confusing imo, and i’ve also seen things that say some things are more secure than others, slow speeds and latency could be introduced heavily, etc.

 

So what option do you guys think is the best combo of security, price (has to be less than cloud, preferably free obv), and just general overall happy-fun-time-i-ness. If you want me to switch to another file service instead of Samba, I would need a guide for how to set that up on RPi. Additionally, if you could provide a guide for how to do whatever option you would suggest for my situation, that would be helpful (and like one of the main reasons I am writing this).

 

Lastly, in case you select the port-forwarding option, I have attached an image of the port forwarding section on my router’s interface, so I would appreciate if you could tell me what to fill in those boxes.

 

Thanks!

 

 

E285C7C3-05D1-4ACD-90E3-2A5738B972EC.thumb.jpeg.41da063071d1a3c20faec5bb45b21d96.jpeg

So I've actually just updated that post for the first time in 4? years. Don't make it available over the WAN. Depending on your gateway/firewall manufacturer, look at creating your own VPN solution.

Link to post
Share on other sites

@IAmAFrenchFry 

 

why not Install Owncloud onto your RPi? to secure it, get a free SSL Cert from https://letsencrypt.org


CPU: i7 4790K |CPU Cooler: CM Hyper 212 Evo | Motherboard: Z97-A | RAM: 4x4GB Kingston Memory 1600mhz | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 120GB Kingston V300 SSD | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitors: 24" Acer S240HLBID + 24" Samsung  | OS: Win 10 Pro

 

Audio: Behringer 302USB Xenyx 5 Input Mixer |  U-PHORIA UMC204HD | Neweer NW-700 Mic | Sound Blaster Audigy Fx PCI-E card

 

Networking gear:  Lenovo ThinkCenter M82 ESXi 6.7 | Lenovo M93 Tiny Exchange 2019 | TP-LINK TL-SG1024D 24-Port Gigabit | Cisco ASA 5506 firewall  | Cisco Catalyst 3750 Gigabit Switch | HP MicroServer G7 NAS |

Link to post
Share on other sites
Posted · Original PosterOP

Sorry I had school and couldn’t respond.

 

Looks like a few people say NextCloud, and that SMB isn’t safe over WAN unless using a VPN. However, you haven’t given me a guide on how to do it with a VPN, so I don’t know how to take further action.

 

Thank you @kirashi for providing a guide; I’ll look into it.

Link to post
Share on other sites
Posted · Best Answer
1 hour ago, IAmAFrenchFry said:

Looks like a few people say NextCloud

Yeah NextCloud or OwnCloud are fairly simple solutions to setup and are fairly secure with no known major vulnerabilities. 

When I setup my NextCloud, took me about 30 minutes to install & configure. 

 

1 hour ago, IAmAFrenchFry said:

and that SMB isn’t safe over WAN unless using a VPN

SMB should never be exposed to the internet for WAN. Especially SMB/CIFS 1.0 as it major security issues. 

 

1 hour ago, IAmAFrenchFry said:

However, you haven’t given me a guide on how to do it with a VPN, so I don’t know how to take further action.

In a typical home setup, you only have a single network...so you create your SMB share internally as you would, and ensure that you can access it fine on your home network. 

Then its just a case of installing a VPN server, and setting up a VPN client on your device you want to connect from. Theres no special SMB related configuration required. 

 

Theres lots of how-to's on setting up VPN's, such as this one for OpenVPN Server on Raspberry Pi: https://www.pcmag.com/how-to/how-to-create-a-vpn-server-with-raspberry-pi


Spoiler

Desktop: Ryzen 7 2700x | Aorus X470 Gaming Ultra | EVGA RTX2080 Super | 32GB (4x8GB) Corsair Vengeance RGB Pro 3200Mhz | Corsair H105 AIO, NZXT Sentry 3 | Corsair SP120's | 1TB Crucial P1 NVMe, 4TB WD Black | Phanteks Enthoo Pro | Corsair RM650v2 PSU | LG 32" 32GK850G Monitor | Ducky Shine 3 Keyboard, Logitech G502, MicroLab Solo 7C Speakers, Razer Goliathus Extended, X360 Controller | Windows 10 Pro | SteelSeries Siberia 350 Headphones

 

Spoiler

Server 1: Fractal Design Define R6 | Ryzen 3950x | ASRock X570 Taichi | EVGA GTX1070 FTW | 64GB (4x16GB) Corsair Vengeance LPX 3000Mhz | Corsair RM650v2 PSU | Fractal S36 Triple AIO | 10 x 8TB HGST Ultrastar He10 (WD Whitelabel) | 500GB Aorus Gen4 NVMe | 2 x 1TB Crucial P1 NVMe | LSI 9211-8i HBA

 

Server 2: Corsair 400R | IcyDock MB998SP & MB455SPF | Seasonic Focus Plus 650w PSU | 2 x Xeon X5650's | 48GB DDR3-ECC | Asus Z8NA-D6C Motherboard | AOC-SAS2LP-MV8 | LSI MegaRAID 9271-8i | RES2SV240 SAS Expander | Samsung 840Evo 120GB | 5 x 8TB Seagate Archives | 10 x 3TB WD Red

 

Link to post
Share on other sites
Posted · Original PosterOP
9 minutes ago, Jarsky said:

Yeah NextCloud or OwnCloud are fairly simple solutions to setup and are fairly secure with no known major vulnerabilities. 

When I setup my NextCloud, took me about 30 minutes to install & configure. 

 

SMB should never be exposed to the internet for WAN. Especially SMB/CIFS 1.0 as it major security issues. 

 

In a typical home setup, you only have a single network...so you create your SMB share internally as you would, and ensure that you can access it fine on your home network. 

Then its just a case of installing a VPN server, and setting up a VPN client on your device you want to connect from. Theres no special SMB related configuration required. 

 

Theres lots of how-to's on setting up VPN's, such as this one for OpenVPN Server on Raspberry Pi: https://www.pcmag.com/how-to/how-to-create-a-vpn-server-with-raspberry-pi

Thanks! Would one of these options be better than the other (NextCloud or VPN)?

Link to post
Share on other sites
7 minutes ago, IAmAFrenchFry said:

Thanks! Would one of these options be better than the other (NextCloud or VPN)?

Theyre different solutions. 

 

NextCloud is a web browser solution, think of it like a web version of Dropbox. 

You create users, and you map folders to your users of what they can/cant access, and they can upload/download files, they can also preview/edit documents and watch/listen to media via the plugins directly in the browser. 

 

VPN is a network solution. When your VPN is connected, its literally like you're connected to your network at home...e.g its just like you're on your home wifi. So you'd access things like you would at home, such as through File Explorer, play media through VLC, edit a word document through Word, etc....

 

Personally I use NextCloud for my solution as I might just want to share the odd document and create a shareable link to friends. Or occasionally access my media content from someone elses computer or a work computer, or a network that doesnt allow outgoing VPN connections. 


Spoiler

Desktop: Ryzen 7 2700x | Aorus X470 Gaming Ultra | EVGA RTX2080 Super | 32GB (4x8GB) Corsair Vengeance RGB Pro 3200Mhz | Corsair H105 AIO, NZXT Sentry 3 | Corsair SP120's | 1TB Crucial P1 NVMe, 4TB WD Black | Phanteks Enthoo Pro | Corsair RM650v2 PSU | LG 32" 32GK850G Monitor | Ducky Shine 3 Keyboard, Logitech G502, MicroLab Solo 7C Speakers, Razer Goliathus Extended, X360 Controller | Windows 10 Pro | SteelSeries Siberia 350 Headphones

 

Spoiler

Server 1: Fractal Design Define R6 | Ryzen 3950x | ASRock X570 Taichi | EVGA GTX1070 FTW | 64GB (4x16GB) Corsair Vengeance LPX 3000Mhz | Corsair RM650v2 PSU | Fractal S36 Triple AIO | 10 x 8TB HGST Ultrastar He10 (WD Whitelabel) | 500GB Aorus Gen4 NVMe | 2 x 1TB Crucial P1 NVMe | LSI 9211-8i HBA

 

Server 2: Corsair 400R | IcyDock MB998SP & MB455SPF | Seasonic Focus Plus 650w PSU | 2 x Xeon X5650's | 48GB DDR3-ECC | Asus Z8NA-D6C Motherboard | AOC-SAS2LP-MV8 | LSI MegaRAID 9271-8i | RES2SV240 SAS Expander | Samsung 840Evo 120GB | 5 x 8TB Seagate Archives | 10 x 3TB WD Red

 

Link to post
Share on other sites
Posted · Original PosterOP
1 hour ago, Jarsky said:

Theyre different solutions. 

 

NextCloud is a web browser solution, think of it like a web version of Dropbox. 

You create users, and you map folders to your users of what they can/cant access, and they can upload/download files, they can also preview/edit documents and watch/listen to media via the plugins directly in the browser. 

 

VPN is a network solution. When your VPN is connected, its literally like you're connected to your network at home...e.g its just like you're on your home wifi. So you'd access things like you would at home, such as through File Explorer, play media through VLC, edit a word document through Word, etc....

 

Personally I use NextCloud for my solution as I might just want to share the odd document and create a shareable link to friends. Or occasionally access my media content from someone elses computer or a work computer, or a network that doesnt allow outgoing VPN connections. 

So I decided to go with VPN option, however I notice in the guide that I still need to port forward the VPN port, but not an SMB port, which makes sense because typically when making VPNs accessing them is fun.

 

I’m assuming so, but just to be sure, still safe?

Link to post
Share on other sites
7 minutes ago, IAmAFrenchFry said:

So I decided to go with VPN option, however I notice in the guide that I still need to port forward the VPN port, but not an SMB port, which makes sense because typically when making VPNs accessing them is fun.

 

I’m assuming so, but just to be sure, still safe?

 

Yup, it's just a listen port. You need to forward the port, so that incoming connection requests for the VPN service get directed to your VPN server. 


Spoiler

Desktop: Ryzen 7 2700x | Aorus X470 Gaming Ultra | EVGA RTX2080 Super | 32GB (4x8GB) Corsair Vengeance RGB Pro 3200Mhz | Corsair H105 AIO, NZXT Sentry 3 | Corsair SP120's | 1TB Crucial P1 NVMe, 4TB WD Black | Phanteks Enthoo Pro | Corsair RM650v2 PSU | LG 32" 32GK850G Monitor | Ducky Shine 3 Keyboard, Logitech G502, MicroLab Solo 7C Speakers, Razer Goliathus Extended, X360 Controller | Windows 10 Pro | SteelSeries Siberia 350 Headphones

 

Spoiler

Server 1: Fractal Design Define R6 | Ryzen 3950x | ASRock X570 Taichi | EVGA GTX1070 FTW | 64GB (4x16GB) Corsair Vengeance LPX 3000Mhz | Corsair RM650v2 PSU | Fractal S36 Triple AIO | 10 x 8TB HGST Ultrastar He10 (WD Whitelabel) | 500GB Aorus Gen4 NVMe | 2 x 1TB Crucial P1 NVMe | LSI 9211-8i HBA

 

Server 2: Corsair 400R | IcyDock MB998SP & MB455SPF | Seasonic Focus Plus 650w PSU | 2 x Xeon X5650's | 48GB DDR3-ECC | Asus Z8NA-D6C Motherboard | AOC-SAS2LP-MV8 | LSI MegaRAID 9271-8i | RES2SV240 SAS Expander | Samsung 840Evo 120GB | 5 x 8TB Seagate Archives | 10 x 3TB WD Red

 

Link to post
Share on other sites
Posted · Original PosterOP
2 minutes ago, Jarsky said:

 

Yup, it's just a listen port. You need to forward the port, so that incoming connection requests for the VPN service get directed to your VPN server. 

So it says the port is 1194. Would i put that in the internal and external port boxes and my raspi address in the internal ip box? and set it to udp?

Link to post
Share on other sites
6 minutes ago, IAmAFrenchFry said:

So it says the port is 1194. Would i put that in the internal and external port boxes and my raspi address in the internal ip box? and set it to udp?

Yeah, theres no reason to remap through non-standard port numbers with how efficient port scanning bots are these days. 

So yeah UDP Port 1194 and everything as you've said, you got it 👊


Spoiler

Desktop: Ryzen 7 2700x | Aorus X470 Gaming Ultra | EVGA RTX2080 Super | 32GB (4x8GB) Corsair Vengeance RGB Pro 3200Mhz | Corsair H105 AIO, NZXT Sentry 3 | Corsair SP120's | 1TB Crucial P1 NVMe, 4TB WD Black | Phanteks Enthoo Pro | Corsair RM650v2 PSU | LG 32" 32GK850G Monitor | Ducky Shine 3 Keyboard, Logitech G502, MicroLab Solo 7C Speakers, Razer Goliathus Extended, X360 Controller | Windows 10 Pro | SteelSeries Siberia 350 Headphones

 

Spoiler

Server 1: Fractal Design Define R6 | Ryzen 3950x | ASRock X570 Taichi | EVGA GTX1070 FTW | 64GB (4x16GB) Corsair Vengeance LPX 3000Mhz | Corsair RM650v2 PSU | Fractal S36 Triple AIO | 10 x 8TB HGST Ultrastar He10 (WD Whitelabel) | 500GB Aorus Gen4 NVMe | 2 x 1TB Crucial P1 NVMe | LSI 9211-8i HBA

 

Server 2: Corsair 400R | IcyDock MB998SP & MB455SPF | Seasonic Focus Plus 650w PSU | 2 x Xeon X5650's | 48GB DDR3-ECC | Asus Z8NA-D6C Motherboard | AOC-SAS2LP-MV8 | LSI MegaRAID 9271-8i | RES2SV240 SAS Expander | Samsung 840Evo 120GB | 5 x 8TB Seagate Archives | 10 x 3TB WD Red

 

Link to post
Share on other sites
Posted · Original PosterOP
54 minutes ago, Jarsky said:

Yeah, theres no reason to remap through non-standard port numbers with how efficient port scanning bots are these days. 

So yeah UDP Port 1194 and everything as you've said, you got it 👊

Everything worked! Tysm!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×