port forward via the router

[teh_g]

Hello!

I recently got a nice big dedicated server sitting in a data center that I'd like to have a Samba share running on (yes, I am well aware of the security requirements for having a share like that on the wide internet. I have it covered.)

Comcast, in all of their infinite glory, decided that blocking the ports (139. 445) for Samba was a good idea. I understand their desire to stop malware, so whatever. Since I want to use this server as a store for encrypted, off site storage, I want to have my entire network be able to access that Samba share. I don't want to use VPN, since I don't need all of my traffic to flow through that box.

I am wondering if I can automate an SSH tunnel via my router to that server. Basically if any local machine on my network attempts to reach out to the Samba ports on that remote server, have it tunnel through SSH.

 

[RMerlin]

You can setup a VPN tunnel without redirecting any traffic - just don't enable the "Redirect Internet" option. It will become just another route to that server's private IP, which the router will use when trying to access an IP on that subnet.

 

[teh_g]

You can setup a VPN tunnel without redirecting any traffic - just don't enable the "Redirect Internet" option. It will become just another route to that server's private IP, which the router will use when trying to access an IP on that subnet.

I assume that would be the interface type of TAP versus TUN? I'm looking on the OpenVPN clients page and didn't see a specific option for Redirect Traffic.

Would using a tunnel like that add more overhead than I need? I was hoping to be a bit lazy and use the existing SSH daemon on my server over installing OpenVPN.

 

[RMerlin]

I assume that would be the interface type of TAP versus TUN?

No, you can stick with TUN, will be simpler network-wise.

I'm looking on the OpenVPN clients page and didn't see a specific option for Redirect Traffic.

It's right there.

Would using a tunnel like that add more overhead than I need? I was hoping to be a bit lazy and use the existing SSH daemon on my server over installing OpenVPN.

If you don't want to deal with manually configuring routers, this will be simpler to handle than an SSH tunnel.

You could even disable encryption if you wanted to drop as much overhead as possible, but I wouldn't recommend it.

 

[teh_g]

No, you can stick with TUN, will be simpler network-wise.



It's right there.

View attachment 5940



If you don't want to deal with manually configuring routers, this will be simpler to handle than an SSH tunnel.

You could even disable encryption if you wanted to drop as much overhead as possible, but I wouldn't recommend it.

I am totally blind...

So essentially, setting the "Redirect Internet traffic" to "No" will make my internet traffic act normally, except when I reach out to my server's IP address? That is perfect!

 

[RMerlin]

I am totally blind...

So essentially, setting the "Redirect Internet traffic" to "No" will make my internet traffic act normally, except when I reach out to my server's IP address? That is perfect!

Yep. While many users use a VPN as a way to hide their traffic from their ISP, primary reason for a VPN remains to connect two remote networks together. This would be perfect for your case.