Jump to content
Search In
  • More options...
Find results that contain...
Find results in...

Samba outside-network (yes i saw pin)

Go to solution Solved by Jarsky,
1 hour ago, IAmAFrenchFry said:

Looks like a few people say NextCloud

Yeah NextCloud or OwnCloud are fairly simple solutions to setup and are fairly secure with no known major vulnerabilities. 

When I setup my NextCloud, took me about 30 minutes to install & configure. 

 

1 hour ago, IAmAFrenchFry said:

and that SMB isn’t safe over WAN unless using a VPN

SMB should never be exposed to the internet for WAN. Especially SMB/CIFS 1.0 as it major security issues. 

 

1 hour ago, IAmAFrenchFry said:

However, you haven’t given me a guide on how to do it with a VPN, so I don’t know how to take further action.

In a typical home setup, you only have a single network...so you create your SMB share internally as you would, and ensure that you can access it fine on your home network. 

Then its just a case of installing a VPN server, and setting up a VPN client on your device you want to connect from. Theres no special SMB related configuration required. 

 

Theres lots of how-to's on setting up VPN's, such as this one for OpenVPN Server on Raspberry Pi: https://www.pcmag.com/how-to/how-to-create-a-vpn-server-with-raspberry-pi

So, I have Samba installed on a Raspberry Pi with a USB Hard Drive for a NAS (as one does, of course), but i am confused about how I can remotely access it. I did read the pinned message, but it was a little confusing imo, and i’ve also seen things that say some things are more secure than others, slow speeds and latency could be introduced heavily, etc.

 

So what option do you guys think is the best combo of security, price (has to be less than cloud, preferably free obv), and just general overall happy-fun-time-i-ness. If you want me to switch to another file service instead of Samba, I would need a guide for how to set that up on RPi. Additionally, if you could provide a guide for how to do whatever option you would suggest for my situation, that would be helpful (and like one of the main reasons I am writing this).

 

Lastly, in case you select the port-forwarding option, I have attached an image of the port forwarding section on my router’s interface, so I would appreciate if you could tell me what to fill in those boxes.

 

Thanks!

 

 

E285C7C3-05D1-4ACD-90E3-2A5738B972EC.thumb.jpeg.41da063071d1a3c20faec5bb45b21d96.jpeg

Link to post
Share on other sites

You really don't want smb over wan, its a bad idea.

 

Either put this over a vpn, or use something that made for connections over wan, so a https based protocol, you can use something like nextcloud to make this easy, or something like scp.

 

 

Link to post
Share on other sites
9 minutes ago, IAmAFrenchFry said:

So what option do you guys think is the best combo of security, price (has to be less than cloud, preferably free obv), and just general overall happy-fun-time-i-ness.

Thanks!

 
 
3 minutes ago, Electronics Wizardy said:

You really don't want smb over wan, its a bad idea. Either put this over a vpn, or use something that made for connections over wan, so a https based protocol, you can use something like nextcloud to make this easy, or something like scp.

 
 
 

THIS. ^^^ I would strongly caution against exposing SAMBA/SMB over the internet due to security implications and inconvenience compared to using a more secure platform like NextCloud on your Raspberry Pi. There are quite a few guides out there if you search "Raspberry Pi NextCloud server" - I've linked the one that looks fairly straightforward below for you to get started.

https://pimylifeup.com/raspberry-pi-nextcloud-server/

 

Desktop: KRySTaLoGi-PC Build Log (i7-4790K, RTX2060) Mobile: OnePlus 5T | Bell - Unlimited Calling & Texting + 10GB Data
Laptop: Dell XPS 15 9560 (the real 15" MacBook Pro that Apple didn't make) Tablet: iPad Mini 5 | Lenovo IdeaPad Duet 10.1
Camera: Canon SX280 + Rebel T1i (500D) | Sony HDR-AS50R | Panasonic DMC-TS20D Music: Spotify Premium (CIRCA '08)

Link to post
Share on other sites

Yup, you want to set up a VPN so you can become "internal" to your network before reaching it.

F@H
Desktop: i7-5960X 4.4GHz, Noctua NH-D14, ASUS Rampage V, 32GB, RTX3080, 2TB SX8200Pro, 2x16TB Ironwolf RAID0, Corsair HX1200, Thermaltake Overseer RX1, Samsung 4K curved 49" TV, 23" secondary, Mountain Everest Max

Mobile SFF rig: i9-9900K, Noctua NH-L9i, Asrock Z390 Phantom ITX-AC, 32GB, GTX1070, 2x1TB SX8200Pro RAID0, 2x5TB 2.5" HDD RAID0, Athena 500W Flex (Noctua fan), Custom 4.7l 3D printed case

 

Dell XPS 2 in 1 2019, 32GB, 1TB, 4K

 

GPD Win 2

Link to post
Share on other sites
1 hour ago, IAmAFrenchFry said:

So, I have Samba installed on a Raspberry Pi with a USB Hard Drive for a NAS (as one does, of course), but i am confused about how I can remotely access it. I did read the pinned message, but it was a little confusing imo, and i’ve also seen things that say some things are more secure than others, slow speeds and latency could be introduced heavily, etc.

 

So what option do you guys think is the best combo of security, price (has to be less than cloud, preferably free obv), and just general overall happy-fun-time-i-ness. If you want me to switch to another file service instead of Samba, I would need a guide for how to set that up on RPi. Additionally, if you could provide a guide for how to do whatever option you would suggest for my situation, that would be helpful (and like one of the main reasons I am writing this).

 

Lastly, in case you select the port-forwarding option, I have attached an image of the port forwarding section on my router’s interface, so I would appreciate if you could tell me what to fill in those boxes.

 

Thanks!

 

 

E285C7C3-05D1-4ACD-90E3-2A5738B972EC.thumb.jpeg.41da063071d1a3c20faec5bb45b21d96.jpeg

So I've actually just updated that post for the first time in 4? years. Don't make it available over the WAN. Depending on your gateway/firewall manufacturer, look at creating your own VPN solution.

Link to post
Share on other sites

@IAmAFrenchFry 

 

why not Install Owncloud onto your RPi? to secure it, get a free SSL Cert from https://letsencrypt.org

CPU: i7 4790K |CPU Cooler: CM Hyper 212 Evo | Motherboard: Z97-A | RAM: 4x4GB Kingston Memory 1600mhz | GPU: Nvidia GTX 1060 6GB Zotac Mini | Case: K280 Case | PSU: Cooler Master B600 Power supply | SSD: 120GB Kingston V300 SSD | HDDs: 1x 250GB & 1x 1TB WD Blue | Monitors: 24" Acer S240HLBID + 24" Samsung  | OS: Win 10 Pro

 

Audio: Behringer 302USB Xenyx 5 Input Mixer |  U-PHORIA UMC204HD | Neewer NW-700 Mic | Sound Blaster Audigy Fx PCI-E card

 

Networking gear:  Lenovo ThinkCenter M82 ESXi 6.7 | Lenovo M93 Tiny Exchange 2019 | TP-LINK TL-SG1024D 24-Port Gigabit | Cisco ASA 5506 firewall  | Cisco Catalyst 3750 Gigabit Switch | HP MicroServer G7 NAS | Dell PowerEdge R210 II SCCM Server

Link to post
Share on other sites

Sorry I had school and couldn’t respond.

 

Looks like a few people say NextCloud, and that SMB isn’t safe over WAN unless using a VPN. However, you haven’t given me a guide on how to do it with a VPN, so I don’t know how to take further action.

 

Thank you @kirashi for providing a guide; I’ll look into it.

Link to post
Share on other sites
1 hour ago, IAmAFrenchFry said:

Looks like a few people say NextCloud

Yeah NextCloud or OwnCloud are fairly simple solutions to setup and are fairly secure with no known major vulnerabilities. 

When I setup my NextCloud, took me about 30 minutes to install & configure. 

 

1 hour ago, IAmAFrenchFry said:

and that SMB isn’t safe over WAN unless using a VPN

SMB should never be exposed to the internet for WAN. Especially SMB/CIFS 1.0 as it major security issues. 

 

1 hour ago, IAmAFrenchFry said:

However, you haven’t given me a guide on how to do it with a VPN, so I don’t know how to take further action.

In a typical home setup, you only have a single network...so you create your SMB share internally as you would, and ensure that you can access it fine on your home network. 

Then its just a case of installing a VPN server, and setting up a VPN client on your device you want to connect from. Theres no special SMB related configuration required. 

 

Theres lots of how-to's on setting up VPN's, such as this one for OpenVPN Server on Raspberry Pi: https://www.pcmag.com/how-to/how-to-create-a-vpn-server-with-raspberry-pi

Spoiler

Desktop: Ryzen9 5950X | ASUS ROG Crosshair VIII Hero (Wifi) | EVGA RTX 3080Ti FTW3 | 32GB (4x8GB) Corsair Vengeance RGB Pro 3200Mhz | EKWB EK-AIO 360D-RGB | EKWB EK-Vardar RGB Fans | 1TB Samsung 980 Pro, 1TB Crucial P1 NVMe, 4TB WD Black | Corsair 5000D Airflow | Corsair HX850 Platinum PSU | LG 32" 32GK850G Monitor x2 | Ducky DK2108 Keyboard | Steel Series Sensei Ten | MicroLab Solo 7C Speakers | Audio-Technica ATH-M50xBT Headphones | TC-Helicon GoXLR | Audio-Technica AT2035 | LTT Desk Mat | XBOS-X Controller | Windows 10 Pro

 

Spoiler

Server: Fractal Design Define R6 | Ryzen 3950x | ASRock X570 Taichi | EVGA GTX1070 FTW | 64GB (4x16GB) Corsair Vengeance LPX 3000Mhz | Corsair RM850v2 PSU | Fractal S36 Triple AIO | 10 x 8TB HGST Ultrastar He10 (WD Whitelabel) | 500GB Aorus Gen4 NVMe | 2 x 1TB Crucial P1 NVMe | LSI 9211-8i HBA

 

Link to post
Share on other sites
9 minutes ago, Jarsky said:

Yeah NextCloud or OwnCloud are fairly simple solutions to setup and are fairly secure with no known major vulnerabilities. 

When I setup my NextCloud, took me about 30 minutes to install & configure. 

 

SMB should never be exposed to the internet for WAN. Especially SMB/CIFS 1.0 as it major security issues. 

 

In a typical home setup, you only have a single network...so you create your SMB share internally as you would, and ensure that you can access it fine on your home network. 

Then its just a case of installing a VPN server, and setting up a VPN client on your device you want to connect from. Theres no special SMB related configuration required. 

 

Theres lots of how-to's on setting up VPN's, such as this one for OpenVPN Server on Raspberry Pi: https://www.pcmag.com/how-to/how-to-create-a-vpn-server-with-raspberry-pi

Thanks! Would one of these options be better than the other (NextCloud or VPN)?

Link to post
Share on other sites
7 minutes ago, IAmAFrenchFry said:

Thanks! Would one of these options be better than the other (NextCloud or VPN)?

Theyre different solutions. 

 

NextCloud is a web browser solution, think of it like a web version of Dropbox. 

You create users, and you map folders to your users of what they can/cant access, and they can upload/download files, they can also preview/edit documents and watch/listen to media via the plugins directly in the browser. 

 

VPN is a network solution. When your VPN is connected, its literally like you're connected to your network at home...e.g its just like you're on your home wifi. So you'd access things like you would at home, such as through File Explorer, play media through VLC, edit a word document through Word, etc....

 

Personally I use NextCloud for my solution as I might just want to share the odd document and create a shareable link to friends. Or occasionally access my media content from someone elses computer or a work computer, or a network that doesnt allow outgoing VPN connections. 

Spoiler

Desktop: Ryzen9 5950X | ASUS ROG Crosshair VIII Hero (Wifi) | EVGA RTX 3080Ti FTW3 | 32GB (4x8GB) Corsair Vengeance RGB Pro 3200Mhz | EKWB EK-AIO 360D-RGB | EKWB EK-Vardar RGB Fans | 1TB Samsung 980 Pro, 1TB Crucial P1 NVMe, 4TB WD Black | Corsair 5000D Airflow | Corsair HX850 Platinum PSU | LG 32" 32GK850G Monitor x2 | Ducky DK2108 Keyboard | Steel Series Sensei Ten | MicroLab Solo 7C Speakers | Audio-Technica ATH-M50xBT Headphones | TC-Helicon GoXLR | Audio-Technica AT2035 | LTT Desk Mat | XBOS-X Controller | Windows 10 Pro

 

Spoiler

Server: Fractal Design Define R6 | Ryzen 3950x | ASRock X570 Taichi | EVGA GTX1070 FTW | 64GB (4x16GB) Corsair Vengeance LPX 3000Mhz | Corsair RM850v2 PSU | Fractal S36 Triple AIO | 10 x 8TB HGST Ultrastar He10 (WD Whitelabel) | 500GB Aorus Gen4 NVMe | 2 x 1TB Crucial P1 NVMe | LSI 9211-8i HBA

 

Link to post
Share on other sites
1 hour ago, Jarsky said:

Theyre different solutions. 

 

NextCloud is a web browser solution, think of it like a web version of Dropbox. 

You create users, and you map folders to your users of what they can/cant access, and they can upload/download files, they can also preview/edit documents and watch/listen to media via the plugins directly in the browser. 

 

VPN is a network solution. When your VPN is connected, its literally like you're connected to your network at home...e.g its just like you're on your home wifi. So you'd access things like you would at home, such as through File Explorer, play media through VLC, edit a word document through Word, etc....

 

Personally I use NextCloud for my solution as I might just want to share the odd document and create a shareable link to friends. Or occasionally access my media content from someone elses computer or a work computer, or a network that doesnt allow outgoing VPN connections. 

So I decided to go with VPN option, however I notice in the guide that I still need to port forward the VPN port, but not an SMB port, which makes sense because typically when making VPNs accessing them is fun.

 

I’m assuming so, but just to be sure, still safe?

Link to post
Share on other sites
7 minutes ago, IAmAFrenchFry said:

So I decided to go with VPN option, however I notice in the guide that I still need to port forward the VPN port, but not an SMB port, which makes sense because typically when making VPNs accessing them is fun.

 

I’m assuming so, but just to be sure, still safe?

 

Yup, it's just a listen port. You need to forward the port, so that incoming connection requests for the VPN service get directed to your VPN server. 

Spoiler

Desktop: Ryzen9 5950X | ASUS ROG Crosshair VIII Hero (Wifi) | EVGA RTX 3080Ti FTW3 | 32GB (4x8GB) Corsair Vengeance RGB Pro 3200Mhz | EKWB EK-AIO 360D-RGB | EKWB EK-Vardar RGB Fans | 1TB Samsung 980 Pro, 1TB Crucial P1 NVMe, 4TB WD Black | Corsair 5000D Airflow | Corsair HX850 Platinum PSU | LG 32" 32GK850G Monitor x2 | Ducky DK2108 Keyboard | Steel Series Sensei Ten | MicroLab Solo 7C Speakers | Audio-Technica ATH-M50xBT Headphones | TC-Helicon GoXLR | Audio-Technica AT2035 | LTT Desk Mat | XBOS-X Controller | Windows 10 Pro

 

Spoiler

Server: Fractal Design Define R6 | Ryzen 3950x | ASRock X570 Taichi | EVGA GTX1070 FTW | 64GB (4x16GB) Corsair Vengeance LPX 3000Mhz | Corsair RM850v2 PSU | Fractal S36 Triple AIO | 10 x 8TB HGST Ultrastar He10 (WD Whitelabel) | 500GB Aorus Gen4 NVMe | 2 x 1TB Crucial P1 NVMe | LSI 9211-8i HBA

 

Link to post
Share on other sites
2 minutes ago, Jarsky said:

 

Yup, it's just a listen port. You need to forward the port, so that incoming connection requests for the VPN service get directed to your VPN server. 

So it says the port is 1194. Would i put that in the internal and external port boxes and my raspi address in the internal ip box? and set it to udp?

Link to post
Share on other sites
6 minutes ago, IAmAFrenchFry said:

So it says the port is 1194. Would i put that in the internal and external port boxes and my raspi address in the internal ip box? and set it to udp?

Yeah, theres no reason to remap through non-standard port numbers with how efficient port scanning bots are these days. 

So yeah UDP Port 1194 and everything as you've said, you got it 👊

Spoiler

Desktop: Ryzen9 5950X | ASUS ROG Crosshair VIII Hero (Wifi) | EVGA RTX 3080Ti FTW3 | 32GB (4x8GB) Corsair Vengeance RGB Pro 3200Mhz | EKWB EK-AIO 360D-RGB | EKWB EK-Vardar RGB Fans | 1TB Samsung 980 Pro, 1TB Crucial P1 NVMe, 4TB WD Black | Corsair 5000D Airflow | Corsair HX850 Platinum PSU | LG 32" 32GK850G Monitor x2 | Ducky DK2108 Keyboard | Steel Series Sensei Ten | MicroLab Solo 7C Speakers | Audio-Technica ATH-M50xBT Headphones | TC-Helicon GoXLR | Audio-Technica AT2035 | LTT Desk Mat | XBOS-X Controller | Windows 10 Pro

 

Spoiler

Server: Fractal Design Define R6 | Ryzen 3950x | ASRock X570 Taichi | EVGA GTX1070 FTW | 64GB (4x16GB) Corsair Vengeance LPX 3000Mhz | Corsair RM850v2 PSU | Fractal S36 Triple AIO | 10 x 8TB HGST Ultrastar He10 (WD Whitelabel) | 500GB Aorus Gen4 NVMe | 2 x 1TB Crucial P1 NVMe | LSI 9211-8i HBA

 

Link to post
Share on other sites
54 minutes ago, Jarsky said:

Yeah, theres no reason to remap through non-standard port numbers with how efficient port scanning bots are these days. 

So yeah UDP Port 1194 and everything as you've said, you got it 👊

Everything worked! Tysm!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Newegg

×