Well, so far it's not been a problem, although I keep a close watch on suspicious activity. (You'll notice entries for hosts allow and hosts deny. So far that seems to be pretty effective, although I do notice twits trying to access and being denied):
hosts allow = 192.168.3.0/255.255.255.224 192.168.2.0/255.255.255.0
128.119.216.0/255.255.255.0 216.175.212.192/255.255.255.240
hosts deny = all # <- no other machines can access
Perhaps you could suggest conf options that allows [incoming] connections, but don't broadcast availability (i.e. is 'invicible' to all but people that know that that machine is a smb server). As I said, I'm not samba expert! (BTW, my wife accesses the system from her computer at UMass)
On Monday, May 7, 2001 11:01 AM, Keller, Tim
Hey I was looking at the sample smb.conf file (and I've set up a bunch of samba servers as well) and I saw something odd (well odd for me)
-- start cut -- # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. interfaces = 192.168.3.1 24.91.122.146 -- end cut --
From a home network point of view, why would you want samba to bind to your external (24.xx...) address? Maybe I'm doing something wrong?
I personally add rules to my firewall to block outgoing and incoming SMB traffic to the outside world. SMB as a protocol goes (if you could call it that) tends to tell the world more then one would want...
Tim.
--
Peter Gutowski