CIFS over SSH – Extending the network
By: Josh
I recently had an issue where a file copy from a Celerra NAS to a server outside the network was failing and I couldn’t figure out why. The file copy was a pull from the outside server which needed access inside the network. The BGP route had somehow changed to go over Integra’s network rather than Verizon and I couldn’t get anyone to fess up to blocking ports 445 and 139. To solve this issue, I turned to SSH tunnelling.
To set up a tunnel from inside a protected network to expose a resource to an external client, you can use the following format:
$ sudo ssh -N -R 445:cifsNAS:445 outsideserver.com
I then created a hosts file entry on the outside server to map cifsNAS to 127.0.0.1.
# /etc/hosts
127.0.0.1 cifsNAS
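What this does is SSH to outsideserver.com and open port 445 on that host, tunnelling all traffic sent to outsideserver.com:445 through to cifsNAS:445. By default the forwarded port listens only on the loopback address of outsideserver.com, which is why the hosts entry points cifsNAS at 127.0.0.1. This solved my temporary issue and I was able to copy the needed files over.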
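A check worth running on outsideserver.com once the tunnel is up, as an added example that is not part of the original post: it reads ss -ltn output and reports whether the forwarded port 445 listens only on loopback or on an address other hosts can reach. The function names and the two sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify the listeners for one TCP port from `ss -ltn` output.
# Reads the listing on stdin and prints one word:
#   loopback - every listener for the port is on 127.0.0.0/8 or ::1
#   exposed  - at least one listener is on a wildcard or routable address
#   absent   - nothing is listening on the port (the tunnel is down)
# Live use on the outside server:  ss -ltn | forward_exposure 445
forward_exposure() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")            # port is the last ":" field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # strip IPv6 brackets
            found = 1
            if (addr !~ /^127\./ && addr != "::1") exposed = 1
        }
        END { print (exposed ? "exposed" : (found ? "loopback" : "absent")) }
    '
}

# Constructed sample: what the listing looks like when sshd keeps the
# remote forward on loopback (its default behaviour).
sample_loopback() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:445      0.0.0.0:*
LISTEN 0      128    [::1]:445          [::]:*
EOF
}

# Constructed sample: the same forward bound to the wildcard address.
sample_exposed() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:445        0.0.0.0:*
LISTEN 0      128    [::]:445           [::]:*
EOF
}

printf 'loopback sample: %s\n' "$(sample_loopback | forward_exposure 445)"
printf 'wildcard sample: %s\n' "$(sample_exposed | forward_exposure 445)"
```

If the result is exposed while the tunnel is the only thing on port 445, sshd's GatewayPorts setting is allowing a non-loopback bind and the NAS share is reachable by anything that can reach outsideserver.com.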