If you use the "interfaces" line, don't forget to also have "lo" in that line so Samba listens on the loopback - Samba uses the loopback to also communicate with itself.
If you want Samba to only be accessible to the internal network, and you want the Web server to be accessible to the Outside, and the Web service is the only service that needs to be accessible from the Outside, then set iptables to block new connections from the Outside, to every port except 80 (and 443 if you are using SSL).

Supposing your internal network was 192.168.1.0/24, this could be done with:

# Allow Web from anywhere
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 443 -j ACCEPT
# Allow replies to our previously-sent packets, from anywhere
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow anything else from the internal network (you may want to change this!)
iptables -A INPUT -i eth0 -s 192.168.1.0/24 -j ACCEPT
# It was from outside and unauthorized, drop and log
iptables -A INPUT -i eth0 -j LOG --log-level info --log-prefix "Dropped outside pkt:"
iptables -A INPUT -i eth0 -j REJECT

with various embellishments possible...

Corey

On Fri, Jun 27, 2003 at 11:12:38AM -0400, Andrew Perrin wrote:
> Samba has an interface = line; you can use it to specify what interfaces
> you'll allow. If you'll have only one NIC (why, by the way?), presumably
> you'll be giving it two aliases? (e.g., eth0:0 and eth0:1)? If so, just
> do:
>
> interfaces = eth0:0
>
> if that's the one on your internal network.
>
> Best,
> A
>
> ----------------------------------------------------------------------
> Andrew J Perrin - http://www.unc.edu/~aperrin
> Assistant Professor of Sociology, U of North Carolina, Chapel Hill
> [EMAIL PROTECTED] * andrew_perrin (at) unc.edu
>
>
> On Fri, 27 Jun 2003, Roy Vestal wrote:
>
> > I'm getting ready to set up a server at home. I want to share, via SAMBA,
> > a couple of drives, and at the same time use it as a webserver. I know
> > that this isn't the most ideal thing, but I only have room for one
> > server.
> >
> > My Question: How do I lock it down so that only my internal network can
> > see the SAMBA shares? I will only have one NIC. I'll be using IPTABLES
> > as well. I want to be able to ssh in from the outside as well.
> >
> > Any suggestions?
> >
> > _______________________________________________
> > TriLUG mailing list
> > http://www.trilug.org/mailman/listinfo/trilug
> > TriLUG Organizational FAQ:
> > http://www.trilug.org/faq/TriLUG-faq.html
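
An added example, not part of the original thread: a short Python summary of the packets recorded by the logging rule in Corey's message, keyed on its "Dropped outside pkt:" prefix, so you can see which outside hosts reached for the Samba ports. The sample log lines are constructed in the kernel's netfilter LOG layout, and the Samba port set (137, 138, 139, 445) is an assumption of this example.

```python
import re
from collections import Counter

PREFIX = "Dropped outside pkt:"      # log prefix from the rule in the thread
SAMBA_PORTS = {137, 138, 139, 445}   # assumed NetBIOS/SMB ports for this example
FIELD = re.compile(r"(\w+)=(\S*)")   # KEY=value pairs written by the LOG target

# Constructed sample lines in the netfilter LOG layout (not real traffic).
SAMPLE_LOG = """\
Jun 27 11:20:01 home kernel: Dropped outside pkt:IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=51514 DPT=445 SYN
Jun 27 11:20:02 home kernel: Dropped outside pkt:IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=51515 DPT=139 SYN
Jun 27 11:21:40 home kernel: Dropped outside pkt:IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=40022 DPT=22 SYN
Jun 27 11:22:05 home kernel: Dropped outside pkt:IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.10 LEN=78 PROTO=UDP SPT=137 DPT=137
Jun 27 11:23:10 home kernel: eth0: link up
"""

def parse_line(line):
    """Return the KEY=value fields of one dropped-packet line, or None."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None                  # not written by the LOG rule
    fields = dict(FIELD.findall(rest))
    if "SRC" not in fields or not fields.get("DPT", "").isdigit():
        return None                  # e.g. ICMP has no DPT; skipped here
    return fields

def summarize(text):
    """Count drops per (proto, dport) and per source that tried a Samba port."""
    by_port, samba_sources = Counter(), Counter()
    for line in text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        port = int(fields["DPT"])
        by_port[(fields.get("PROTO", "?"), port)] += 1
        if port in SAMBA_PORTS:
            samba_sources[fields["SRC"]] += 1
    return by_port, samba_sources

if __name__ == "__main__":
    ports, sources = summarize(SAMPLE_LOG)
    for (proto, port), count in ports.most_common():
        print(f"{count:3d}  {proto}/{port}")
    for src, count in sources.most_common():
        print(f"Samba port attempts from {src}: {count}")
```
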
