SSH reverse tunnel samba, not working?



  • This is my scenario-
    Laptop, Windows 7, has a share called "SHARE" pointing to "C:\Users\hsundara". In a coffee shop.

    pfsense at home. WAN address "hsundara.com". LAN address 192.168.11.1. ubuntu-box behind pfsense, with a LAN address 192.168.11.200

    Running the following from Cygwin on laptop
    ssh -R 0.0.0.0:445:192.168.11.1:445 hsundara.com

    Running the following on ubuntu-box in the home network
    mount.cifs //192.168.11.1/SHARE /home/hsundara/laptop-mount -o user=hsundara,nounix,noperm,nocase,rw,uid=500,gid=500

    And I get the error
    mount error(115): Operation now in progress

    From what I understand, this has to do with name resolution rather than a share problem.

    The thing is, the same set of commands works for a machine we have at work. At work, a SLES box acts as a router, and there's an Ubuntu box behind the SLES box. I reverse tunnel my laptop's SAMBA port onto the SLES router, and connect to it from the Ubuntu box and everything works. At home, it doesn't.

    When I connect to pfsense with a "-vvv" option, I do see the following -
    debug1: Remote connections from 0.0.0.0:445 forwarded to local address 192.168.11.1:445
    debug1: remote forward success for: listen 0.0.0.0:445, connect 192.168.11.1:445
    debug1: All remote forwarding requests processed

    I even created a firewall rule on LAN
    Source - LAN net
    Port - *
    Destination - LAN address
    Port - 445
    Gateway - *
    Queue - none

    Any idea why this is happening? Conceptually, everything seems straightforward.

    EDIT --
    Ok, I ran a sockstat -4 -l command on pfsense, and I see this ->
    root    sshd      77377 8  tcp4  127.0.0.1:445        :

    This is definitely the issue. Why is it not listening on *:445 and only on 127.0.0.1:445 ???  How do I make it listen on *:445?

    EDIT 2 --
    Ok, I created a new "PORT FORWARD" with the following settings -
    IF = LAN
    Proto = TCP
    Src. addr = LAN net
    Src. Ports = *
    Dest. addr = LAN address
    Dest. ports = 445
    NAT IP = 127.0.0.1
    NAT ports = 445

    Pretty interesting. I am doing a port forward in the non-conventional sense, from the "inside", so to speak.
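
Background to the first EDIT: sshd's GatewayPorts option defaults to "no", which binds remote forwards to loopback whatever bind address the client puts in -R. The script below is an added example, not part of the original thread; it classifies a `sockstat -4 -l` line and reads GatewayPorts from sshd_config text, and its function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample data below is constructed.

# bind_scope PORT: reads `sockstat -4 -l` lines on stdin and reports where
# sshd is listening for PORT.
bind_scope() {
    awk -v port="$1" '
        $2 == "sshd" && $5 ~ /^tcp4/ {
            n = split($6, a, ":")
            if (a[n] != port) next
            addr = substr($6, 1, length($6) - length(a[n]) - 1)
            if (addr == "127.0.0.1") print "loopback"
            else if (addr == "*")    print "all-interfaces"
            else                     print "specific:" addr
            found = 1; exit
        }
        END { if (!found) print "not-listening" }'
}

# gatewayports: reads sshd_config text on stdin, prints the global GatewayPorts
# value. The first occurrence wins; the default when unset is "no".
gatewayports() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == "gatewayports" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }'
}

# effective_bind SETTING REQUESTED: address sshd binds a -R listener to.
effective_bind() {
    case "$1" in
        yes)             echo "*" ;;          # forced to wildcard
        clientspecified) echo "$2" ;;         # honours the -R bind address
        *)               echo "127.0.0.1" ;;  # "no": loopback only
    esac
}

# Constructed inputs modelled on the post: stock config, -R 0.0.0.0:445:...
SOCKSTAT='root    sshd      77377 8  tcp4  127.0.0.1:445        *:*'
CONFIG='#GatewayPorts no
Port 22'

setting=$(printf '%s\n' "$CONFIG" | gatewayports)
echo "GatewayPorts=$setting -> sshd binds $(effective_bind "$setting" 0.0.0.0):445"
echo "observed listener: $(printf '%s\n' "$SOCKSTAT" | bind_scope 445)"
```

With GatewayPorts set to clientspecified, requesting the LAN address in -R (192.168.11.1:445 instead of 0.0.0.0:445) keeps the listener on the LAN interface only. A wildcard bind also listens on the WAN address, so whether SMB is reachable from outside then depends entirely on the firewall rules.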



  • Wow, thanks for this post dude, I was figuring this out too. I want to use rdp with a reverse tunnel from the company network. I was close to the solution but the port forward part was missing! I am gonna test this!



  • @ReFleX:

    Wow, thanks for this post dude, I was figuring this out too. I want to use rdp with a reverse tunnel from the company network. I was close to the solution but the port forward part was missing! I am gonna test this!

    Let me know if you have any questions. I am not sure if I am understanding you right, but I don't think what I did here is going to be of help to you, but if it is, great!

