Leopard Broke SMB Tunnel Mounting via Finder

In Mac OS X 10.4 Tiger, you could use Finder (GUI) to mount an SMB mount which was being tunneled through ssh
For example:

  • From Terminal establish the tunnel:
    ssh -L 139:remote_machine:139 user@remote_machine
    
  • Then, in Finder, Go ? Connect to Server…
  • In “Server Address”, smb://localhost/mountpoint

However, this doesn’t work in Mac OS X 10.5 Leopard anymore!
The workaround is instead of using Finder, to use the mount_smbfs command in Terminal:

mount_smbfs //samba_user_name@localhost/samba_share /local/mount/point/

For example:
After establishing the tunnel (see above), I first made a mount point:

cd ~; mkdir sambamount

Then mounted it:

mount_smbfs //samba_user_name@localhost/data ~/sambamount

Once mounted, you should see the volume appear on your desktop, and you can drag it to the trash (or use ‘umount’) to unmount it.

**** UPDATE 25 Mar, 2009 ****

I’m getting many hits for this post, so I’m adding a little more detail for my setup specifically.

My work blocks almost all ports to incoming traffic. In order to log into a machine from the outside (for example from my home computer) I must first ssh into a firewall computer and setup a tunnel, or can ssh or telnet to another computer (you can do nothing on the firewall computer except ssh or telnet).

So, here’s my setup for tunnelling the SMB traffic within a ssh session (and still mount via Finder):

home <-ssh/tunnel-> firewall.example.com <-smb traffic-> smb_server.example.com

My work account credentials are the same on both the firewall computer and the SMB server.

You can add your modified version of the following to the file ‘/Users/mac_username/.ssh/config’:

#------------------------------------------------------
# For mounting smb shares locally from home:
#-- This is the name of this alias to this specific
#  configuration:
Host smb_tunnel_from_home

#-- Work's firewall computer (can also use IP number here)
Hostname firewall.example.com

#-- In place of 'work_username', your firewall username goes
#  here:
User work_username

#-- 127.0.0.2 is your computer, the second (where there are
#  x's) is the SMB server. Seems like I have to use the IP
#  number (instead of smb_server.example.com for this!):
LocalForward 127.0.0.2:139 xxx.xxx.xxx.xxx:139
LocalForward 127.0.0.2:445 xxx.xxx.xxx.xxx:445

#------ TO USE: ------
#--Using Terminal, at the prompt type (this creates an alias
#  of 127.0.0.1 at 127.0.0.2):
#    sudo ifconfig lo0 alias 127.0.0.2 up
#--Now start the ssh session:
#    sudo ssh work_username@smb_tunnel_from_home \
#    -F /Users/mac_username/.ssh/config
#--Then, in finder, Go->Connect to Server (Cmd-K), in the
#  box type:
#       smb://127.0.0.2/work_username
#--In the box which pops up, enter your work_username
#  and work_password.
#--Be sure to unmount the volume in finder when done using.
#------------------------------------------------------

4 thoughts on “Leopard Broke SMB Tunnel Mounting via Finder

  1. You can also set up an alias for loopback interface from the terminal as follows:

    sudo ifconfig lo0 alias 127.0.0.2 up

    “127.0.0.2” can be any 127.0.0.x address you like, aside from .1, and it will work just like 127.0.0.1 does. Once you do this–and properly configure your ssh tunnel–you can Command-K from the Finder, and Leopard will happily connect using this new address instead. The nice thing is this alias will stick around forever, or until you run the same command except with a “-alias”. (Using this trick, there’s no need to mount_smb by hand through the Terminal; pre-Leopard behavior is essentially restored.)

    Just like with pre-10.5, keep in mind your ssh will need to forward both TCP 139 and 445, and you’ll have to run the ssh command as root in order to allow forwarding those privileged port numbers (which is anything below 1024). I just created my ~/.ssh/config file to reflect the funky port forwarding for that host, and then call it using the following command:

    sudo ssh remote_login_name@remote_server_name -F /Users/my_login/.ssh/config

    Here is the relevant excerpt from my ~/.ssh/config file…

    Host remote_server_name
    User remote_login_name
    LocalForward 127.0.0.2:139 remote_ip_address:139
    LocalForward 127.0.0.2:445 remote_ip_address:445

    Finally, a caveat about connecting to a Windows machine using this method…

    Since Windows machines do not respond to SMB requests on 127.0.0.1, you will need to point your ssh config either to the IP address of the ‘Microsoft Loopback Adapter’ you manually installed (refer to other sources of info on the web about how to do this; it’s pretty easy), or you will have to point your ssh config to the remote server’s *non-loopback* IP address. If you are using the second method, be ABSOLUTELY sure you limit access to ‘File and Printer Sharing’ using the Windows Firewall or a hardware firewall.

    Good luck!

  2. Great post and comment! Thanks a lot. I have finally restored transparent remote access to my files.

    One more addition: you can avoid having to run ssh as root by using a local port above 139. For example, I use 1139. The corresponding server address to enter after Command-K in the finder is

    cifs://user@127.0.0.2:1139/share

  3. I have successfully able to set a SSH tunnel to one of the database servers in my office.
    I can also see the files on this server by connecting to the local port specified in the tunnel.

    How can I mount this in Finder and see the files on localhost: as local files?

    Mount command is not working. I tried MacFuse and MacFusion.. nothing works for me.

Leave a Reply to Rémi Prévost Cancel reply

Your email address will not be published. Required fields are marked *