accessing remote win2k box with smbclient
Paul Dickson
plug-discuss@lists.plug.phoenix.az.us
Wed, 20 Feb 2002 21:55:41 -0700
Please be very sure about opening those ports to the internet. Perhaps
you should use OpenSSH to create a secure tunnel.
I played around with tcpdump between two local system, one being my file
server running Samba. The requests for the smbclient program were all TCP
packets on port 139, while for the nmblookup, the packets were UDP on port
137. Perhaps you could do a tcpdump of the traffic, using "grep -v ssh"
to remove all traffic from the SSH terminal session.
It's possible something is filtering the TCP packets. You could try a
traceroute on that port and see if you get some idea where the filtering
occurs.
Included below are the tcpdumps from my system. Amber is the Samba
server.
Any reason you're not using FTP?
-Paul
On Wed, 20 Feb 2002 11:17:23 -0700, Hunter Kreie wrote:
> The client machine in this case is a Rackspace Linux box. As an attempt at
> crude database integration, I'm trying to access files from our in-house
> win2k server in Chandler. Our WAN implementation is Qwest DSL. The Cisco 675
> router has NAT enabled and I've
> forwarded ports 137-139 to the server with the following cbos commands:
>
> cbos# set nat ent add 10.0.0.2 137
> cbos# set nat ent add 10.0.0.2 138
> cbos# set nat ent add 10.0.0.2 139
>
> from the unix command line:
>
> $ smbclient //fbsrv1/public -I $ipaddress
> added interface ip=207.71.8.57 bcast=207.71.8.255 nmask=255.255.255.0
> session request to FBSRV1 failed (Not listening on called name)
> session request to *SMBSERVER failed (Not listening on called name)
> $
21:20:30.808636 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: S 2613436591:2613436591(0) win 5840 <mss 1460,sackOK,timestamp 22309519 0,nop,wscale 0> (DF)
21:20:30.808688 amber.pwd.internal.netbios-ssn > red.pwd.internal.32773: S 2595381569:2595381569(0) ack 2613436592 win 5792 <mss 1460,sackOK,timestamp 41374280 22309519,nop,wscale 0> (DF)
21:20:30.808759 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: . ack 1 win 5840 <nop,nop,timestamp 22309519 41374280> (DF)
21:20:31.067704 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: P 1:77(76) ack 1 win 5840 <nop,nop,timestamp 22309545 41374280>NBT Packet (DF)
21:20:31.067773 amber.pwd.internal.netbios-ssn > red.pwd.internal.32773: . ack 77 win 5792 <nop,nop,timestamp 41374306 22309545> (DF)
21:20:31.068876 amber.pwd.internal.netbios-ssn > red.pwd.internal.32773: P 1:5(4) ack 77 win 5792 <nop,nop,timestamp 41374306 22309545>NBT Packet (DF)
21:20:31.068940 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: . ack 5 win 5840 <nop,nop,timestamp 22309545 41374306> (DF)
21:20:31.068997 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: P 77:245(168) ack 5 win 5840 <nop,nop,timestamp 22309545 41374306>NBT Packet (DF)
21:20:31.069539 amber.pwd.internal.netbios-ssn > red.pwd.internal.32773: P 5:86(81) ack 245 win 5792 <nop,nop,timestamp 41374306 22309545>NBT Packet (DF)
21:20:31.107535 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: . ack 86 win 5840 <nop,nop,timestamp 22309549 41374306> (DF)
21:20:37.256625 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: P 245:344(99) ack 86 win 5840 <nop,nop,timestamp 22310163 41374306>NBT Packet (DF)
21:20:37.263785 amber.pwd.internal.netbios-ssn > red.pwd.internal.32773: P 86:157(71) ack 344 win 5792 <nop,nop,timestamp 41374926 22310163>NBT Packet (DF)
21:20:37.263880 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: . ack 157 win 5840 <nop,nop,timestamp 22310164 41374926> (DF)
21:20:37.264000 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: P 344:412(68) ack 157 win 5840 <nop,nop,timestamp 22310164 41374926>NBT Packet (DF)
21:20:37.264568 amber.pwd.internal.netbios-ssn > red.pwd.internal.32773: P 157:210(53) ack 412 win 5792 <nop,nop,timestamp 41374926 22310164>NBT Packet (DF)
21:20:37.265905 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: P 412:454(42) ack 210 win 5840 <nop,nop,timestamp 22310164 41374926>NBT Packet (DF)
21:20:37.266065 amber.pwd.internal.netbios-ssn > red.pwd.internal.32773: P 210:249(39) ack 454 win 5792 <nop,nop,timestamp 41374926 22310164>NBT Packet (DF)
21:20:37.297453 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: . ack 249 win 5840 <nop,nop,timestamp 22310168 41374926> (DF)
21:20:39.133994 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: P 454:541(87) ack 249 win 5840 <nop,nop,timestamp 22310351 41374926>NBT Packet (DF)
21:20:39.135149 amber.pwd.internal.netbios-ssn > red.pwd.internal.32773: P 249:1031(782) ack 541 win 5792 <nop,nop,timestamp 41375113 22310351>NBT Packet (DF)
21:20:39.135322 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: . ack 1031 win 7038 <nop,nop,timestamp 22310351 41375113> (DF)
21:20:39.135795 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: P 541:580(39) ack 1031 win 7038 <nop,nop,timestamp 22310351 41375113>NBT Packet (DF)
21:20:39.136578 amber.pwd.internal.netbios-ssn > red.pwd.internal.32773: P 1031:1080(49) ack 580 win 5792 <nop,nop,timestamp 41375113 22310351>NBT Packet (DF)
21:20:39.167427 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: . ack 1080 win 7038 <nop,nop,timestamp 22310355 41375113> (DF)
21:20:40.562352 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: F 580:580(0) ack 1080 win 7038 <nop,nop,timestamp 22310494 41375113> (DF)
21:20:40.574015 amber.pwd.internal.netbios-ssn > red.pwd.internal.32773: F 1080:1080(0) ack 581 win 5792 <nop,nop,timestamp 41375257 22310494> (DF)
21:20:40.574110 red.pwd.internal.32773 > amber.pwd.internal.netbios-ssn: . ack 1081 win 7038 <nop,nop,timestamp 22310495 41375257> (DF)
>
> and...
>
> $ nmblookup -A $ipaddress
> Looking up status of $ipaddress
> FBSRV1 <03> - M <ACTIVE>
> FBSRV1 <be> - M <ACTIVE>
> FBADMIN <03> - M <ACTIVE>
21:11:04.160627 red.pwd.internal.32771 > amber.pwd.internal.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST (DF)
21:11:04.160970 amber.pwd.internal.netbios-ns > red.pwd.internal.32771: NBT UDP PACKET(137): QUERY; POSITIVE; RESPONSE; UNICAST (DF)
21:11:05.858932 red.pwd.internal > amber.pwd.internal: (frag 49239:1224@2960)
21:11:05.859058 red.pwd.internal > amber.pwd.internal: (frag 49239:1480@1480+)
21:11:05.859552 amber.pwd.internal > red.pwd.internal: (frag 50539:1236@2960)
21:11:05.859556 amber.pwd.internal > red.pwd.internal: (frag 50539:1480@1480+)
> Apparently the packets are being forwarded by the router or I'd have
> received "Connection to FBSRV1 failed." But this is all the further I get.
>
> Is this a client side or server side problem? I don't have the facilities to
> attempt connecting to the win2k server from a unix box locally.
>
> I am also open to alternative means of mounting the in-house server data on
> the Linux box if you have any good ideas. Your expertise is appreciated.
> Thank you.