Hello. I am new to this LUG. So I would like to say hello. Peter said that his wife has to connect to his SaMBa server from UMass. When I have had similar situations What I did was to setup a VPN using PPTP. That way you can block All SMB traffic to the outside world. Connect to the PPTP termination point with your client. Setup up the Tunnel and then the SMB information is passed on the inside of the tunnel. Thus keeping the integrity. Also this gives a smaller "signature" for your firewall/server to the real world. Just a though. Peter Gutowski wrote:
Well, so far it's not been a problem, although I keep a close watch on suspicious activity. (You'll notice entries for hosts allow and hosts deny. So far that seems to be pretty effective, although I do notice twits trying to access and being denied):
hosts allow = 192.168.3.0/255.255.255.224 192.168.2.0/255.255.255.0 128.119.216.0/255.255.255.0 216.175.212.192/255.255.255.240 hosts deny = all # <- no other machines can access
Perhaps you could suggest conf options that allows [incoming] connections, but don't broadcast availability (i.e. is 'invicible' to all but people that know that that machine is a smb server). As I said, I'm not samba expert! (BTW, my wife accesses the system from her computer at UMass)
On Monday, May 7, 2001 11:01 AM, Keller, Tim <Tim.Keller@stratus.com> wrote:
Hey I was looking at the sample smb.conf file (and I've set up a bunch of samba servers as well) and I saw something odd (well odd for me)
-- start cut -- # Configure Samba to use multiple interfaces # If you have multiple network interfaces then you must list them # here. See the man page for details. interfaces = 192.168.3.1 24.91.122.146 -- end cut --
From a home network point of view, why would you want samba to bind to your external (24.xx...) address? Maybe I'm doing something wrong?
I personally add rules to my firewall to block outgoing and incoming SMB traffic to the outside world. SMB as a protocol goes (if you could call it that) tends to tell the world more then one would want...
Tim.