I realized I neglected one huge point in my SMB over SSH woes. I have
successfully tunnelled NetBT over SSH. It is SMB that does not seem to
work. My exploits are documented here:

http://jgranto.dyndns.org/joe/SSH/index.htm

So, if anyone can tell me how to tunnell SMB on port 445 over SSH on
Windows XP, I would really appreciate it. My goal is not to enable
NetBT, and keep the system pure SMB. Thanks!




Initial Post:
------------------
I have 2 Windows XP systems in different locations (different subnets,
different ISPs, etc.). They get their IPs via ISP-supplied DHCP.
System A has the disk resources I want to use from System B.

I want to tunnel SMB over SSH because System A has an ISP that blocks
SMB (natively port 445, but will try NetBT [139] if that fails). Thus,
I cannot access shared directories natively.

I have done tons of research on the project, and tried many solutions.
The problem I am running into is that all of the documentation on the
web is either just plain wrong, or does not work, or documented for
UNIX systems, which evidently does not translate over to the Windows
XP world.

I have set up a virtual system locally to test things, and cannot for
the life of me get SMB over SSH to work. I can tunnel telnet just
fine. But not SMB. Here is what I have tried so far:

1. BOTH systems are running Windows XP SP2 with current hotfixes and
the firewall turned OFF. The 2 test systems are on the same subnet,
and SMB communication over port 445 works dandy.

2. I installed CopSSH (tried newest current version and newest preview
version) on System A. I enabled one account to use SSH, and can
successfully putty to System A from System B. Works fine.

3. On System B, using the newest version of putty, I have created a
tunnel for telnet. Relevent settings are under Connection/SSH/Tunnels,
and I use the values of 20000 (local listening port for 127.0.0.1) and
192.168.1.99:23 for the destination. Telnetting to 127.0.0.1 on port
20000 works fine.

4. On system B, I installed a loopback NIC, as described on various
web pages. It uses the settings of 10.0.0.1/255.255.255.0, with the
gateway of my primary NIC (192.168.1.1). I have disabled EVERYTHING
except TCP/IP on this NIC (no SMB, not NetBT, etc.). Again, only the
TCP/IP checkbox is checked for this NIC. This has to be done because
SSH cannot forward a port if that port is in use,and port 445 is used
on my 192.168.1.x NIC. Thus, I have to use the 10.0.0.1 NIC for
forwarding port 445. I have installed KB884020, which addresses
loopback issues.

5. On system B, I configured the SMB tunnel in putty like so:
10.0.0.1:445 local listening port and 192.168.1.99:445 for the
destination. Putty connects just fine, but the tunnel does NOT work. I
cannot access any resources from System B using \\10.0.0.1.

Now, I have installed WireShark on System A and sniffed the wire
during SMB communication attempts. I see the putty traffic just fine
as I create the tunel. However, no port 445 traffic seems to be
getting redirected to System A when I try to access \\10.0.0.1
resources. No traffic at all, actually. There are no incoming or
outgoing packets.

This tells me the issue is with System B,that the tunnel is not
working, most likely the putty configuration. However, I have tried
everything I know to try, and have failed to get this to work. Can
someone out there who has successfully tunnelled SMB over SSH on a
Windows system (preferably XP) please me out? Please note that
you need to edit my email by replace "nospam" with "verizon".

Joe Granto wrote:
> 4. On system B, I installed a loopback NIC, as described on various
> web pages. It uses the settings of 10.0.0.1/255.255.255.0, with the
> gateway of my primary NIC (192.168.1.1). I have disabled EVERYTHING
> except TCP/IP on this NIC (no SMB, not NetBT, etc.). Again, only the
> TCP/IP checkbox is checked for this NIC. This has to be done because
> SSH cannot forward a port if that port is in use,and port 445 is used
> on my 192.168.1.x NIC. Thus, I have to use the 10.0.0.1 NIC for
> forwarding port 445. I have installed KB884020, which addresses
> loopback issues.
>
> 5. On system B, I configured the SMB tunnel in putty like so:
> 10.0.0.1:445 local listening port and 192.168.1.99:445 for the
> destination. Putty connects just fine, but the tunnel does NOT work. I
> cannot access any resources from System B using \\10.0.0.1.
>
> Now, I have installed WireShark on System A and sniffed the wire
> during SMB communication attempts. I see the putty traffic just fine
> as I create the tunel. However, no port 445 traffic seems to be
> getting redirected to System A when I try to access \\10.0.0.1
> resources. No traffic at all, actually. There are no incoming or
> outgoing packets.
>
looks like a routing issue to me. can you ping the 10.0.0.1 address?
if not, you need to adjust your settings.

why add a 10.0.0.1 to an 192.168.x.x system? it would be far easier to
use 192.168.2.x in place of the 10.0.0.1 as you could then use a mask of
255.255.240.0.

by the way, what's the IP for sys-A? by the addresses shown, it looks
like your wired to at lease one router -- please describe the physical
layout

--
try a random act of kindness today -- you just might surprise even
yourself

On Tue, 03 Oct 2006 09:10:37 -0700, Jeff B
<jbeard_No-SpAm_1185@adelphia.net> wrote:

>looks like a routing issue to me. can you ping the 10.0.0.1 address?
>if not, you need to adjust your settings.

That was my initial thought, but it proved not to be the case. The
problem, as documented on http://jgranto.dyndns.org/joe/SSH/index.htm,
is trying to tunnel SMB on port 445.

I get everything to work for NetBT on port 139 with the system
configured as documents in the URL. However, changing the tunnel for
port 445 does not work.

>why add a 10.0.0.1 to an 192.168.x.x system? it would be far easier to
>use 192.168.2.x in place of the 10.0.0.1 as you could then use a mask of
>255.255.240.0.

It does not really matter what the loopback NIC address is, since it
is not getting routed anywhere. In fact, you don't even have to add a
gateway for the adapter. SSH intercepts and redirects.

>by the way, what's the IP for sys-A? by the addresses shown, it looks
>like your wired to at lease one router -- please describe the physical
>layout

Again, the I narrowed down the issue to a port 445 tunnelling issue.
The client and server are on different ISP subnets, each sitting
behind a SOHO router. Thus, the routers have the public IP and use
NAT/PAT, and the client/router have private IP addresses for the
internal network.

Joe Granto wrote:
> I realized I neglected one huge point in my SMB over SSH woes. I have
> successfully tunnelled NetBT over SSH. It is SMB that does not seem to
> work. My exploits are documented here:
>
> http://jgranto.dyndns.org/joe/SSH/index.htm

To start off with a good old-fashioned bit of nitpicking:
SMB is not "also known as samba in the UNIX world". Samba is an
implementation of the SMB protocol suite.

> So, if anyone can tell me how to tunnell SMB on port 445 over SSH on
> Windows XP, I would really appreciate it. My goal is not to enable
> NetBT, and keep the system pure SMB. Thanks!

Personally, I'd just use OpenVPN instead of trying to amputate my arm
with a basketball. SMB uses UDP in many places (examples include host
discovery and name services), but ssh can't forward those. You might be
able to get this working with a croft that would make Albert Einstein's
lecture notes look tidy, but please don't if there's no reason why
openvpn won't work here.

Joe Granto wrote:
> I realized I neglected one huge point in my SMB over SSH woes. I have
> successfully tunnelled NetBT over SSH. It is SMB that does not seem to
> work. My exploits are documented here:
>
> http://jgranto.dyndns.org/joe/SSH/index.htm

To start off with a good old-fashioned bit of nitpicking:
SMB is not "also known as samba in the UNIX world". Samba is an
implementation of the SMB protocol suite.

> So, if anyone can tell me how to tunnell SMB on port 445 over SSH on
> Windows XP, I would really appreciate it. My goal is not to enable
> NetBT, and keep the system pure SMB. Thanks!

Personally, I'd just use OpenVPN instead of trying to amputate my arm
with a basketball. SMB uses UDP in many places (examples include host
discovery and name services), but ssh can't forward those. You might be
able to get this working with a croft that would make Albert Einstein's
lecture notes look tidy, but please don't if there's no reason why
openvpn won't work here.