Remote Drive Mapping (SMB Shares) on Windows and Mac
With this tutorial, you can "Map Network Drive" on Windows, or "Connect to server" on Mac, to securely mount a drive that is on a remote computer or server. The Diode Network tunnels your Windows box (or Linux or Mac) directly to the remote shared drive. No static IP address or VPN required.
This is handy if you want to provide multi-user access to the same files - such as in the case of a MS Access database.
If you have any questions, connect with us in our telegram group!
The moving pieces
- Remote drive - we'll run this as a Samba share on a Linux box
- Local machine - a Windows box that wants filesystem access to a remote drive
Remote Drive Setup
System: Ubuntu running on a Contabo VM
Setup Samba
Basically, you can follow the instructions at: https://ubuntu.com/tutorials/install-and-configure-samba#1-overview. But, just to clarify, this is the step-by-step we did from a terminal:
sudo apt update
sudo apt install samba
whereis samba
>> samba: /usr/sbin/samba /usr/lib/x86_64-linux-gnu/samba /etc/samba /usr/share/samba /usr/share/man/man8/samba.8.gz /usr/share/man/man7/samba.7.gz
adduser sambademo
- Set pw: <
yourpwd1
>
- Set pw: <
mkdir /home/sambademo/sambashare
touch /home/sambademo/helloworld.txt
sudo nano /etc/samba/smb.conf
- Add the following
[sambashare]
comment = Samba on Ubuntu
path = /home/sambademo/sambashare
read only = no
browsable = yes
- Add the following
sudo service smbd restart
sudo smbpasswd -a sambademo
- Set pw: <
yourpwd2
>
- Set pw: <
sudo ufw allow samba
- This is only required if you want to ALSO access/verify your share to your public IP address. Otherwise, leave the firewall blocking Samba.
At this point, your Samba share is up and running. If you have a static IP / LAN IP, you can skip down to Local machine setup if you want to sanity-check it and then come back here to continue on.
Setup Diode
diode publish -public.
You may want to use diode publish -private
to publish your Samba share not just via Diode tunneling, but only via Diode tunneling to specific authorized clients.Basically, you can follow the instructions here. But, just to clarify, this is the step-by-step we did from a terminal:
curl -Ssf https://diode.io/install.sh | sh
- This installs the Diode CLI
diode time
- Verify the Diode CLI is installed correctly
- Copy your Server's Diode Address for use later. e.g. the 0xb....9 address as in the following image
wget https://diode.io/diode.service
sudo mv diode.service /etc/systemd/system/
sudo nano /etc/systemd/system/diode.service
- Change
ExecStart=/home/pi/opt/diode/diode publish -public 22:22,80:80,3030:3030
toExecStart=<user home path>/opt/diode/diode publish -public 22:22,445:445,139:139
(where<user home path>
is whatever your user name is - on Ubuntu something like/diodeuser/
) - Change
User=pi
toUser=<yourusername>
(where <yourusername> is whatever your user name is - e.g.User=diodeuser
) - Save it (ctrl-X, Y)
- Change
sudo systemctl enable diode
sudo systemctl start diode
sudo systemctl status diode
- To verify diode is running - you'll see output that includes your Samba ports:
At this point, your Samba share is up and running and accessible from anywhere in the world via its Diode Address. Now you can sudo ufw deny samba
if you want to disable external IP-address-based access to Samba (recommended).
Local Machine Setup
MacOS
OK, super quick - on Mac, Finder allows you to specify a port for your network drives. So it is super easy to mount a network drive on Mac:
- Make sure you have the Diode CLI installed (
curl -Ssf https://diode.io/install.sh | sh
) diode -bind 1039:0xb...9:445
- Where 0xb...9 is the full Diode Address you copied above
- This "binds" your local machine's port 1039 to the remote server's port 445 - which is where Samba lives
- Open Finder and, in the top menu bar, select "Go" and "Connect to Server"
- Enter the address smb://localhost:1039/sambashare and click "Connect"
- Enter "sambademo" and the
<yourpwd2>
password you configured above
- Finder will open to your remote Samba share!
Windows
Windows is not so helpful - it won't let you specify a port to find a network drive on. And, it won't allow you to bind port 445 - that is already taken by the selfish lanman. So, we'll create our own loopback adapter on which no-one is using port 445, then port-map that to a normal localhost ephemeral port, and then bind that port to our remote server.
- Download the Diode CLI for Windows from https://diode.io/download - we recommend putting diode.exe in the user's home folder (e.g. C:\users\diodeuser\diode.exe) since that is where the terminal always opens to by default
- Open a terminal window (cmd.exe) and you can test to see if Diode is working by typing
diode time
- Open a terminal window (cmd.exe) and you can test to see if Diode is working by typing
For the next steps, you can do it via Powershell or via the UI. We'll do it the Powershell way, although UI is arguably easier (see here for directional UI guidance).
- Open Powershell as administrator (right click, Run as Administrator)
- Setup some variables (type these as is in powershell)
$loopback_name = 'SMB-Loopback'
$primary_interface = 'Ethernet'
$loopback_ipv4 = '10.254.1.3'
$loopback_ipv4_length = '32'
- Install the loopback module
Install-Module -Name LoopbackAdapter -MinimumVersion 1.2.0.0 -Force
- Asks to install NuGet → Y
- Completes with no additional messages
- Import the module
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted
- Allows running scripts
Import-Module -Name LoopbackAdapter
- Completes with no additional messages
- Create loopback interface
New-LoopbackAdapter -Name $loopback_name -Force
- Installed Chocolately and finally printed out success
- Network settings now show “Etherenet 2” and “Identifying…” status!
- Now setup some more variables
$interface_loopback = Get-NetAdapter -Name $loopback_name
$interface_main = Get-NetAdapter -Name $primary_interface
- Ensure the adapter is not preferred so it will not jack anything up - it will only be used when EXPLICITLY called out
Set-NetIPInterface -InterfaceIndex $interface_loopback.ifIndex -InterfaceMetric "254" -WeakHostReceive Enabled -WeakHostSend Enabled -DHCP Disabled
Set-NetIPInterface -InterfaceIndex $interface_main.ifIndex -WeakHostReceive Enabled -WeakHostSend Enabled
Set-NetIPAddress -InterfaceIndex $interface_loopback.ifIndex -SkipAsSource $True
- Disable DNS registration so there is nothing routed here intentionally
Get-NetAdapter $loopback_name | Set-DNSClient –RegisterThisConnectionsAddress $False
- Setup the IPs for the loopback
New-NetIPAddress -InterfaceAlias $loopback_name -IPAddress $loopback_ipv4 -PrefixLength $loopback_ipv4_length -AddressFamily ipv4
- Prints out a big table of infos, confirming at the top that we are at 10.254.1.3
- Disable unused bindings (may not be required)
Disable-NetAdapterBinding -Name $loopback_name -ComponentID ms_msclient
Disable-NetAdapterBinding -Name $loopback_name -ComponentID ms_pacer
Disable-NetAdapterBinding -Name $loopback_name -ComponentID ms_server
Disable-NetAdapterBinding -Name $loopback_name -ComponentID ms_lltdio
Disable-NetAdapterBinding -Name $loopback_name -ComponentID ms_rspndr
- Use netsh to port forward to work around the lanman dominance of localhost:445
netsh interface portproxy add v4tov4 listenaddress=10.254.1.3 listenport=445 connectaddress=127.0.0.1 connectport=44445
- Verify port mapping
netsh interface portproxy show v4tov4
- Reset your system to apply all the settings
Finally now we can connect to the remote server!
- Open a terminal window and type our bind command
diode -bind 44445:0xb...9:445
- Where 0xb...9 is the full Diode Address you copied above
- This "binds" your local machine's port 44445 (which is mapped to your loopback's 445) to the remote server's port 445 - which is where Samba lives
- Open explorer, right click on “Network”, select “map network drive” and use \\10.254.1.3\sambashare
- This will popup a box asking for your credentials - enter "sambademo" and the
<yourpwd2>
password you configured above
- This will popup a box asking for your credentials - enter "sambademo" and the
Windows will map your network drive and you can now access your remote drive.