Make a network drive available over the internet?

Solution 1:

With Samba, you would have to expose TCP port 445 to the outside – usually this involves configuring "port forwarding" in your router. Additionally, you must make sure that your external IP address is pingable from the outside.

After this, you'll be able to access the shares by entering \\youraddress in Explorer's address bar or in Start - Run. (Here youraddress is your server's DNS name if you have one, or your external IP address if you don't.)

However, if you're trying to do this directly over Internet, there are several things to keep in mind:

  • Older versions of the SMB (CIFS) protocol used by Windows file sharing does not provide data encryption (so anybody with a packet sniffer can monitor your file transfers), and its authentication is not especially strong either.

    SMBv3 is the first version with encryption support. You can enable it using smb encrypt = in smb.conf, but this will require Windows 8.1 or newer:

    smb min protocol = SMB3_02
    smb encrypt = required
    

    Windows Vista/7 use SMBv2.x, which does not support encryption.

  • The Windows SMB service has been a very frequent infection target in the past. Even if you're not running Windows, that won't stop your SMB server from being targetted.

    Fortunately, the majority of exploits are targeted at a specific implementation, and e.g. RCEs for Windows cannot affect Samba and vice versa, but it is a potential risk nevertheless.

  • This also means that SMB ports (both the current 445 and the old 139) are often blocked at ISP level so that inbound connections won't even reach your router.

    As most SMB clients do not support connecting to alternate ports and require 445/tcp, this would severely limit your ability to reach the server from outside.

  • Finally, note that Windows machines by default remember the login credentials for the entire local session. Unless you're connecting to Samba as "Guest", you must take special care on public machines: always use net use \\address before opening the share in Explorer, and afterwards net use \\address /del to disconnect. (This is not needed if it's your own personal computer.)

In short, it is really not recommended to run SMB directly over Internet; you should only do this for Samba servers that host low-risk information, and never for Windows servers.

In all other cases, the server should only be accessible over a VPN (corporate/mesh/self-hosted, not the commercial ones). For example, it really wouldn't be much work to install WireGuard or Tailscale on your laptop.

For remote access you should strongly consider using SFTP which can be hosted using the OpenSSH server, which is usually thought to be resilient enough for use over Internet. Another alternative is WebDAV (which runs over HTTPS), e.g. it comes bundled with NextCloud.

Solution 2:

If your family can handle using WinSCP then:

  • install and setup SSH
  • give your family members local accounts on your server
  • symlink your file store into these directories. For example, if you are exposing /srv/samba_files through Samba, you'd want to do an ln -s /home/{user}/files /srv/samba_files or similar for each account. If you have to do this for many accounts you could write a script to do it.
  • install WinSCP on your family's computers

You'll then have a very secure method of transferring files that isn't too difficult to use.

However, if you really want the "network drive" integration with Windows, I'd learn about OpenVPN and then setting up a bridged tunnel to your home network. I've successfully gotten Windows fileshares to work over such tunnels.

You can also use PoPToP (pptpd) to allow a Windows system to connect back to your Ubuntu box via a PPTP vpn. (An IPSec/L2TP tunnel would provide better security but it is difficult to setup).

Solution 3:

It depends on what kind of files you intend to serve. If these are documents, or just files you need to access remotely, just run an FTP server on your Ubuntu server. Make sure you secure it well, with good passwords, and access to just the file directory, and not the root.

If however you intend to stream media files (songs, movies), you're looking at running a streaming server. There are plenty of solutions for that (here's one).

Finally, you could always use an existing "cloud" drive solution like Dropbox or SkyDrive, or Amazon Cloud Player - just synchronize your files with one of those services and internet access (a speedy one at that) is guaranteed.