Skip to content

Instantly share code, notes, and snippets.

@rikka0w0

rikka0w0/tunnel_smb_windows.md

Created March 2, 2020 17:21
Show Gist options
  • Save rikka0w0/7777ae4cc46b389a7acd41169ae5bdcb to your computer and use it in GitHub Desktop.
Save rikka0w0/7777ae4cc46b389a7acd41169ae5bdcb to your computer and use it in GitHub Desktop.
Download ZIP
How to proxy smb on Windows 10 using ssh
Raw
tunnel_smb_windows.md

short description with ssh n stuff for tunneling

  1. launch hdwwiz.exe
  2. network adapters -> Microsoft KM-TEST Loopback Adapter -> finish
  3. disable everything except ipv4 in that new network sink
  4. inside the ipv4 settings set up a ip, 255.255.255.255 as subnet mask and disable netbios
    • if you cannot decide on an ip simply use 192.0.2.123 since it's not a public ip and most likely will never be used in a LAN environment. (in case you care about vpn compatibility)
  5. elevated windows shell
    • run sc config lanmanserver start= delayed-auto
      this is sadly required since microsoft will bind it's smb bullshit to 0.0.0.0:445 thus making it impossible to listen to that port yourself.
      microsoft also does not want you to use smb on a port different than 445.
    • run netsh interface portproxy add v4tov4 listenaddress=192.0.2.123 listenport=445 connectaddress=192.0.2.123 connectport=44445
      this will ensure that 445 stays bound as soon as lanmanserver starts. thus making it possible for you to just spawn a listener onto 44445 to listen to 445 without eaddrinuse errors etc.
  6. edit %windir%\system32\drivers\etc\hosts and add an appropriate mapping like:
    192.0.2.123 smbproxy
  7. reboot
  8. run this script like this:
    node --experimental-modules app.mjs --header header.json -s "wss://yourproxy" -t yoursmbhost:445 -H 192.0.2.123 -p 44445
    • alternatively you could just use ssh -L 192.0.2.123:44445:yoursmbhost:445
  9. open explorer and navigate to \\smbproxy

you can also create multiple mappings in your hosts file for that.
the benefit would be that multiple users of your laptop / pc could access your nas with different usernames / sessions without windows annoying you that someone else is already using that resource.

feel free to open the task creation tool of windows to start this on system startup.

Credits:

  1. https://gitfap.de/GottZ/websocketproxy/blob/master/README.md
  2. https://superuser.com/questions/1094931/ssh-tunnel-on-windows-10-to-linux-samba

Problem Background

It is not possible on Win10 to unbind the SMB service (port 445) from an network interface. This method does not work (at least for me): https://social.technet.microsoft.com/forums/windowsserver/en-US/559e983a-3a53-4ad2-8030-b0cfc9ed0813/how-to-disable-tcpip-and-filesharing-service-on-interface

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment