VOGONS


First post, by NightShadowPT

Hi,

I have a 486/DX66 that I am mostly using for DOS and DOS gaming.

For convenience, I have also installed Windows 98 to be able to transfer files to and from the system from my current network.

The challenge for me is that it seems Windows 98 can only use SMB1, a version of SAMBA that is deprecated and a serious security liability.

My concern is not about the Windows 98 machine itself (as the PC is powered off 90% of the time, and when it's running I am mostly using DOS), but the Synology where I keep the files for the Windows 98 access because it is always on and available on the network.

Is there any way I can get my Windows 98 to connect to my Synology (or to my Windows 10 PC as an alternative) using SMB2 or another alternative that would allow me to disable SMB1 on my other machines?

Cheers,
Bruno

NightShadowPT
----------------
Compaq Deskpro M 486/66 - 64MB Ram - Compaq QVision 1MB - Orpheus II Sound Card - 4GB SCSI HDD + 4GB CF Card - SCSI CD-ROM Plextor PX-32TSi - Adaptec WideSCSI AHA-2740W - 3COM Etherlink III Card

Reply 1 of 18, by Jo22

Enable/use Apple network protocol? AppleTalk? AFP?
It's old and obscure, by comparison. For a simple file transfer in a LAN, it might do.

Edit: A Raspberry Pi could also act as a bridge between the worlds, maybe.

"Time, it seems, doesn't flow. For some it's fast, for some it's slow.
In what to one race is no time at all, another race can rise and fall..." - The Minstrel


Reply 2 of 18, by Dmetsys

Another way to tackle it is to use a Server 2000/2003 VM on a segregated network with the 98 machine. This way you are not compromising the Synology NAS and Windows 10 PCs. I would not allow a 98 system to be on the same subnet as the rest of my other systems.


A7N8X-LA | 2800+ | GeForce2 MX400 | Audigy 2 ZS
BE6-II 1.0 | PIII-933 | Viper 770 TNT2 | Live 5.1 Value
MS-5169 | K6-2 450 | Voodoo3 3000 AGP | AWE64 Value
P5A-B | P200-S | 64MB | MGA Millennium | Yamaha 719
LS-486E | Am5x86-P75

Reply 3 of 18, by Towncivilian

I use FTP. Built in IIS to serve the FTP site on my main Windows 10 PC and then whichever FTP client on the retro build to transfer files. Easy, fast, and no need to introduce security vulnerabilities like SMBv1 on the home network.

abit BX-133 RAID, P3-S 1.4Ghz, 768MB PC133, GeForce FX5200, SB16 ISA, 2x40GB RAID1, Sony SDT-9000 & Connor CTD-8000 SCSI DDS2 DAT drives, 3COM 10/100 NIC, Win2k SP4

Reply 4 of 18, by DosFreak

Sadly no one has ported SMB2/3 to 9x yet. 🙁

You can do the following:
Enable the FW on your Synology NAS and restrict TCP 139 (9x,NT4) or TCP 445 (2000+) to whichever interfaces and/or IP addresses that need access
and/or
You can use winscp440setup on 98-ME if you want to use FTP or SSH. For SSH you may need to enable the following (unknown how you'd do it on Synology but this is what I enable on TrueNAS)
KexAlgorithms +diffie-hellman-group14-sha1
HostKeyAlgorithms +ssh-rsa


Reply 5 of 18, by dionb

NightShadowPT wrote on 2023-05-07, 16:23:

Hi,

I have a 486/DX66 that I am mostly using for DOS and DOS gaming.

For convenience, I have also installed Windows 98 to be able to transfer files to and from the system from my current network.

Why? That's like buying a huge truck to go to the corner shop...

Run a DOS FTP server (the one included in the mTCP suite will run on anything from 5150 up) on the old machine, use a nice user-friendly GUI FTP client (like FileZilla) on the new one.

Reply 6 of 18, by Pierre32

Running RetroNAS, all of my clients can access SMB shares without having to enable old protocols on my modern machines.

RetroNAS - open source server software for your retro machines

https://github.com/danmons/retronas/wiki/Samba

Samba (the software used by RetroNAS to offer SMB1) is NOT exploitable after Samba version 4.6.4. RetroNAS and Debian 11 use a fully security patched Samba 4.13.X.

Samba will auto-negotiate the highest common level of the SMB protocol when clients connect in. It can simultaneously handle legacy SMB1 clients connecting in, as well as the very latest SMB 3.1.1 clients (Windows 10, Windows 11, modern macOS, and modern Linux clients like MiSTer-FPGA). You can log on to your RetroNAS device via SSH and run the smbstatus -vv command to see every active connection and SMB protocol version used separately by each.

For good measure I keep retro & modern on separate subnets, and don't enable gateways on the old machines.

[edit] Want to clarify: This auto-negotiation is built into Samba, so it's not like you have to install RetroNAS to get it. It should work the same on Synology, but I can't speak to that first hand. Can anyone chime in?
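
An added example, not part of the post above or of RetroNAS: once the minimum protocol is lowered, Samba serves SMB1 and SMB3 clients from the same shares, so this Python sketch audits an smb.conf and lists the shares reachable over SMB1 that have no "hosts allow" restriction (the per-address restriction suggested in Reply 4, applied in Samba instead of the NAS firewall). The sample config, share names and address are constructed, and the SMB2_02 default assumes Samba 4.11 or later.

```python
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
DEFAULT_MIN_PROTOCOL = "SMB2_02"  # assumption: Samba 4.11+ default

# Constructed sample: share names, paths and the client address are made up.
SAMPLE_SMB_CONF = """
[global]
   workgroup = RETRO
   server min protocol = NT1
[retro]
   path = /srv/retro
   hosts allow = 192.168.50.10
[documents]
   path = /srv/documents
"""

def parse_smb_conf(text):
    """Return {section: {param: value}}. Parameter names are normalised the
    way Samba compares them: case-insensitive, whitespace ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return sections

def smb1_allowed(sections):
    """True when the global minimum server protocol admits an SMB1 dialect."""
    g = sections.get("global", {})
    # "min protocol" is a synonym for "server min protocol".
    level = g.get("serverminprotocol", g.get("minprotocol", DEFAULT_MIN_PROTOCOL))
    return level.upper() in SMB1_DIALECTS

def unrestricted_smb1_shares(text):
    """Shares an SMB1 client can reach from any address on the network."""
    sections = parse_smb_conf(text)
    if not smb1_allowed(sections):
        return []
    g = sections.get("global", {})
    if "hostsallow" in g or "allowhosts" in g:
        return []  # a [global] hosts allow applies to every share
    return sorted(name for name, params in sections.items()
                  if name != "global"
                  and "hostsallow" not in params and "allowhosts" not in params)
```

On the constructed sample this reports only "documents": the "retro" share is limited to one address, while "documents" is served to any SMB1 client that can reach the server.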

Reply 7 of 18, by davidrg

No way of running modern SMB on vintage windows. No way of securely providing network drives to vintage windows from anything modern. FTP is probably no better than SMBv1 from a security perspective either, same goes for WebDAV.

I use the NetWare file & print services which run over IPX/SPX. While the NetWare protocols' security is likely awful (it's over 25 years old), Windows hasn't supported IPX since Server 2003, and it's not routable over the internet at all. So it's practically on its own subnet - the IPX/SPX traffic is completely invisible to anything remotely modern that isn't running a packet sniffer. Any attack against this would have to come from within my LAN and be quite targeted. So I rate that as good enough security.

Feature-wise it's pretty much equivalent to SMB except no peer-to-peer ability - the Windows 98 PC can talk to the server but not to other PCs. But you get network drives on DOS as well as Windows 9x, NT/2000/XP/2003, OS/2 and more which is nice. Currently I run an actual instance of NetWare Server in a VM, but there is also Mars NWE which is the equivalent of Samba (implements the NetWare server bits on Linux). MarsNWE hasn't been maintained in a long time though so really something you're better off running on a dedicated Raspberry Pi or in a VM (it's probably not easy to cleanly uninstall it).

None of this is low effort though. To me the effort has been worthwhile because it does DOS network drives extremely well; nothing does network drives on DOS better. I'm hoping that someday something like this will make using the NetWare protocols a bit easier, but until then it takes some effort to set up. Probably more effort than it's worth if you've only got a single vintage PC you're trying to network.

But then I don't know there is any option suitable for a single PC that is relatively quick/easy to set up and more secure than just using SMBv1. Any solution aiming for better security is going to involve some combination of VMs, Raspberry Pi equivalents, VLANs, and obscure non-internet-routable network stacks.

Reply 8 of 18, by Horun

No idea about a Synology. It may be old school but a friend set up a File Server with two NICs and two smart firewalled routers. One for certain computers to get to internet and the file server, and one for others to a diff router and file server.
Kept his Internet and Intranet separate. Think something like that would work since you really cannot easily browse the internet on a DOS, win3x or win9x box ....just a thought.

Hate posting a reply and then have to edit it because it made no sense 😁 First computer was an IBM 3270 workstation with CGA monitor. Stuff: https://archive.org/details/@horun

Reply 9 of 18, by st31276a

If your LAN is behind a NAT router, the stuff on the inside would not be available unless port forwarded on the router. I just run plain insecure smb1 straight because I trust my LAN. (And I don’t have modern windows computers 😀 )

Reply 10 of 18, by maxtherabbit

st31276a wrote on 2023-05-08, 14:05:

If your LAN is behind a NAT router, the stuff on the inside would not be available unless port forwarded on the router. I just run plain insecure smb1 straight because I trust my LAN. (And I don’t have modern windows computers 😀 )

100% this

people blow this crap way out of proportion

Reply 11 of 18, by Dmetsys

maxtherabbit wrote on 2023-05-08, 15:01:
st31276a wrote on 2023-05-08, 14:05:

If your LAN is behind a NAT router, the stuff on the inside would not be available unless port forwarded on the router. I just run plain insecure smb1 straight because I trust my LAN. (And I don’t have modern windows computers 😀 )

100% this

people blow this crap way out of proportion

And people put way too much faith into their $50 router from Best Buy to protect them from exploits. People are their own worst enemy in the end.



Reply 12 of 18, by keropi

one more vote for mTCP's FTPSERVER, fire it up under DOS and with a modern ftp client transfer files around

🎵 🎧 PCMIDI MPU , OrpheusII , Action Rewind , Megacard and 🎶GoldLib soundcard website

Reply 14 of 18, by sneeker

Not done it with my retro pc yet running windows 95, but my amiga1200 is networked, and from that I just ftp to my desktop. Seems the simplest way and I will probably be doing the same from my retro pc in the next week or so when I get a long enough cable.

Reply 15 of 18, by keenmaster486

If someone somehow manages to get inside your local LAN, you have way worse problems than insecure SMB1 on a retro machine that just has your games on it.

World's foremost 486 enjoyer.

Reply 16 of 18, by Horun

keenmaster486 wrote on 2023-05-08, 23:52:

If someone somehow manages to get inside your local LAN, you have way worse problems than insecure SMB1 on a retro machine that just has your games on it.

Excellent point !!

Dmetsys wrote on 2023-05-08, 19:57:

And people put way too much faith into their $50 router from Best Buy to protect them from exploits. People are their own worst enemy in the end.

Could be true but even the older ac1900 routers from Asus or Netgear were never $50 new 5-8 years ago (try $100-150 back then = $200 today) and still provide excellent service and control ..
I actually loved my old Actiontec given me by Frontier, it had great functions. I think the issue is not the cheaper priced routers but more how people set them up.... or could be wrong 😀


Reply 17 of 18, by chinny22

It's a bit of a roundabout way but you could enable SMB1 on another PC, laptop, or whatever and treat that as the middleman.
Personally I just have SMB1 enabled on everything and never had any issues, admittedly nothing is on 24x7 though and all my retro hardware is attached to a switch that I turn off when networking isn't needed (due to noisy fans, but the extra level of security is a bonus)

I find I typically use a more modern machine to copy from one PC to another as it's more convenient and reliable. Win9x's GUI sometimes likes to crash but will happily still accept a file being copied to it for example.

Reply 18 of 18, by squelch41

maxtherabbit wrote on 2023-05-08, 15:01:
st31276a wrote on 2023-05-08, 14:05:

If your LAN is behind a NAT router, the stuff on the inside would not be available unless port forwarded on the router. I just run plain insecure smb1 straight because I trust my LAN. (And I don’t have modern windows computers 😀 )

100% this

people blow this crap way out of proportion

Same - I have an ftp server set to run on a pi that only provides access to a folder for my retrocomputing stuff and is not accessible to the outside world.

V4P895P3 VLB Motherboard AMD 486 133MHz
64mb RAM, CF 4Gb HDD,
Realtek 8019 ethernet + XT-IDE bios ROM, ES1869 soundcard, VLB Cirrus Logic GD5428 1mb VGA

440bx MSI 6119, modified slocket , Tualitin Celeron 1.2Ghz 256mb SD-RAM, CF 4GB HDD, FX5200 gfx