Remote Samba share thru ssh

  • hi there,

    im really not sure where to post this topic because my situation involves a few services (samba,ssh,firewalling,VIP). i've managed to setup and configure a samba file server thru an ssh tunnel, as illustrated below:

    [remote windoze machine]–->[pfSense]–->[linux box]
    (using putty)                        (ssh server)  (Samba server)

    somehow, i want to twist the setup a bit by disabling pfSense as the ssh server and making the Linux box the ssh server for the remote connections. i already have an allocated public IP from my ISP that i can use for the Linux box by using VIP. below is the setup i have in mind:

    [remote windoze machine]–->[pfSense]–------------->[linux box]
    (using putty, connect to        (forward incoming          ( listening to port 222
    VIP:                port connection)          ssh/samba server)

    enabling the ssh server on pfsense works, but im quite reluctant to let remote users connect directly to the gateway/firewall itself just to access the samba shares. i've also tweaked with the firewall rules, VIP setup, sshd_config and smb.cfg, but im missing out on something. if anybody can please give a light to the situation, it will be very much appreciated. or any opinion on the situation im visualizing, whether it's doable or not, please, all your opinion is very much appreciated.

    thank you very much


  • Putty can not make tunnel for your windows host to other samba/windows servers any way, so you may have not samba sharing on linux at all - only a direct connection to this linux host. Or 2 levels ssh (windows putty -> pfsense ssh server -> linux ssh server) Who will be a ssh server? no difference. Port forwarding more simple.
    Why not a WinSCP on windows with ssh server on your linux machine and port forwarding on pfsense? This is a some commander-like GUI for your files.

  • McNet,

    thank you for the response and my apologies for delayed reply… i've googled and found a few articles about how to tunnel samba shares on a linux box to a remote windoze box thru ssh:

    both these links help me  lot in achieving my goal... well, almost...  ;D

    based on the design, the firewall passes port 22 to the internal ssh server, which unfortunately has a public IP...

    what i have in mind is how to do this without having the ssh server and samba server having a public IP... btw, ssh and samba runs on the same linux box...

    if i enable ssh on pfsense, i can connect to the internal samba share flawlessly... but then again, having remote users log in to my pfsense box just for ssh tunneling is really not a good idea...

    i have tweaked with the port forwarding options on pfsense, but without success  :(

    if anyone have any idea on how to achieve this, it would really be appreciated..

    thanks in advance...


  • It sounds like you're looking for VPN functionality (the ability to route traffic across a tunnel), in which case why not use one of the VPN solutions built in to pfSense?  OpenVPN is probably the easiest to set up, and it even has it's own sub-forum with useful stickies ;)

  • Havok,

    although VPN is a good idea, but i prefer to tunnel thru ssh…  ;)

    anyway, i got it... i just have to uncheck the NAT reflection on the Advanced tab... provided with the right NAT rules and port forwarding, i finally had it working...

    thanx for all your reply and suggestions :)


Log in to reply