CIFS over SSH – Extending the network

I recently had an issue where a file copy from a celerra NAS to a server outside the network was failing and I couldn’t figure out why. The file copy was a pull from the outside server which needed access inside the network. The BGP route had somehow changed to go over Integra’s network rather than Verizon and I couldn’t get anyone to fess up to blocking ports 445 and 139. To solve this issue, I turned to SSH tunnelling.

To setup a tunnel from inside a protected network to expose a resource to an external client, you can use the following format:

$ sudo ssh -N -R 445:cifsNAS:445 outsideserver.com

I then created a hosts file entry on the outside server to map cifsNAS to 127.0.0.1.

#/etc/hosts
127.0.0.1  cifsNAS

What this does is SSH to outsideserver.com and open up port 445 on that host, which will then tunnel all traffic from outsideserver1:445 to cifsNAS:445. This solved my temporary issue and I was able to copy the needed files over.

Leave a Reply

Your email address will not be published. Required fields are marked *