On Thursday 31 March 2005 23:34, Craig White wrote: > On Thu, 2005-03-31 at 23:25 -0500, Madhusudan Singh wrote: > > On Thursday 31 March 2005 16:29, Andrew Bartlett wrote: > > > On Thu, 2005-03-31 at 12:37 -0500, Madhusudan Singh wrote: > > > > Hi > > > > > > > > I need to make my samba server available over the internet to a > > > > mobile user base. > > > > > > > > I was wondering if samba could be run over ssh (at both client and > > > > server ends). I am not comfortable about opening ports 139 and 445. > > > > > > The standard answer is to use a VPN. > > > > > > Andrew Bartlett > > > > Thanks. Would CIPE be an appropriate solution ? I am beginning to read up > > on it. Does it work the following way : > > > > Linux Server : Samba (139,445) -- 22 -------- Internet -------- 22 -- > > Windows > > ---- > been a while since I used Cipe - I don't recall which ports it used but > it surely wasn't the ssh port (22). > > would recommend against starting with it since you won't find it to be > supported by many 2.6 distro's without a bunch of extra work. > > Suggest that you use openvpn > openvpn.sourceforge.net > > Craig
Thanks for your suggestion. I have installed openvpn and the lzo library on which it depends. One nagging question that I still have is : Does using openvpn (or any VPN solution in general) obviate the need to open these vulnerable ports ? The little documentation that I have read so far talk a lot about encryption. While that is important, I also need to think about the ports (strangely, the firewall does not open any of those ports but nmap -P0 run on the machine reveals that these ports are open : 139/tcp open netbios-ssn 445/tcp open microsoft-ds ) Anyways, another concern I have is that while I have the samba server up and running and all my users are happy with it, how much disruption and user effort can I expect when I implement openvpn ? Like typical windows users, they value ease of use over security. Don't take me wrong, I will definitely implement this if it contributes towards security, but I need to know this to be able to tell my users what to expect. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
