[Samba] Using the right network interface

[John H Terpstra]

On Thu, 2 Jan 2003, Ronan Waide wrote:

> On January 2, jht at samba.org said:
> > Check that this says:
> >
> > 	interfaces = eth0 lo
> >
> > where lo is whatever the loopback interface is called on your system. To
> > find it's name run 'ifconfig -a'
>
> I'd realised that. I'm not exactly a newcomer to unix/samba :)
>
> > What is the output of 'netstat -a'?
>
> netstat was originally (I thought) showing nothing listening on
> 0.0.0.0. Reading the man page I realise this can't be right, since
> nmbd needs to listen there for broadcast traffic. It's currently
> showing a listener on 0.0.0.0. Tweaking socket address, interfaces,
> and bind interfaces only doesn't appear to change this, but as I said
> that's what I'd expect having read through the manual page. I'm just
> suffering from some sort of delusion that I managed to switch the
> service off at some point.

Check the code for nmbd. You will see that it is essential that nmbd
listens on all interfaces. That means it can reply to requests also. It
will NOT broadcast on interfaces that are excluded from the interfaces
specification if "bind interfaces only" has been set.

>
> > HAve you set up a firewall on your system? How have you firewalled port
> > 137/udp?
>
> No, the whole point of my setup is to try and configure any services
> on the machine to be safe in the absence of a firewall. If I don't
> have a listener on a given interface, then it doesn't matter if the
> firewall is working or not, you can't get any information from that
> interface for whatever service you're looking for.

You are way out of good fortune if that is your intent. The only way you
can completely isolate your samba server is using a firewall. I am happy
to send you my simple iptables script if that will help you.

- John T.
-- 
John H Terpstra
Email: jht at samba.org