Hi, After some digging I came across the "interfaces" and "bind interfaces" parameters in smb.conf which could help securing samba on a machine connected to the net.These parameters could be used along with firewalling the external interface if one _has_ to run samba on a dual homed machine connected to the 'net.The docs also say that IP Source address spoofing could defeat the use of these parameters though. I still dont have a clue as to how a doze2k server can be made to allow access to shares only to clients on the local lan but not to clients connecting via the external interface.This is OT for this list so if anyone has suggestions I would welcome continuing the discussion offlist via email. Regards, manohar
> interfaces (G) > > This option allows you to override the default network interfaces list that >Samba will use for browsing, name registration > and other NBT traffic. By default Samba will query the kernel for the list of >all active interfaces and use any interfaces > except 127.0.0.1 that are broadcast capable. > > bind interfaces only (G) > > This global parameter allows the Samba admin to limit what interfaces on > a machine will serve SMB requests. If affects > file service smbd(8) and name service nmbd(8) in slightly different ways. > > Suresh Ramasubramanian wrote: > +++ Dayalan Manohar [linux-india] <14/01/02 21:12 +0530>: > > news to me.if you can remember let me know.is a read only public share > > acceptable?i'm sure that there must be lots of doze boxes with sharing > > enabled connected to the 'net.i've always wondered about having shares (to > > be accessed by the local lan) on a doze server connected to the net. > > As long as you have public access to the shares turned off or otherwise > locked down. Even then you are laying yourself open to crackers trying > buffer overflows etc. If you make them public access + read/write then > you'll find yourself suddenly hosting lots of porn and warez (pirated > software) suddenly, that you don't know about ... > > -srs > -- > Suresh Ramasubramanian <----> mallet <at> efn dot org > EMail Sturmbannfuhrer, Lower Middle Class Unix Sysadmin > [Linux One Stanza Tip] From : <[EMAIL PROTECTED]> > LOST #126 -**< Sub : Locating a command (whereis) >**- > To locate the binary, source, and manual page for a command, > try : whereis <command> [e.g. whereis man]. See man pages for > detailed filter options) > For merely knowing where it lies: which <command> > > _______________________________________________ > linux-india-help mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/linux-india-help _______________________________________________ linux-india-help mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/linux-india-help
