Accessing a Samba server over the Internet

Bill Campbell bill at
Sat Dec 20 18:43:17 GMT 1997

On Sat, Dec 20, 1997 at 02:04:47AM +1100, Simon Greener wrote:
>I want to connect to Samba volumes on a SCO Open Server 5 over the Internet
>from my NT 4 workstation.  My workstation is in a local domain and gets a
>dynamic IP address when it connects to my ISP; the Internet hostname is also
>dynamic and can't be predicted.

This is a very Bad Idea as you open your NT box up to all sorts of security
attacks when you allow access to the SMB ports ranging from winnuke, jolt,
and similar programs that can simply ``Blue Screen of Death'' your system
to allowing access to your entire hard disk and security information.

Your ISP may well have their routers configured to block all traffic on
ports 137-139 to prevent attacks on their customers (and to prevent their
customers from attacking others :-) so there's a high probability that you
couldn't connect in any case.  We configure the routers at all the ISPs we
support to block these ports.

We do allow these ports to dial-in customers for access to the web
server(s) so that customers can maintain their own web pages by mounting
their home directories using SAMBA (after warning them that this leaves
them open to attacks from other local users via these ports).  This works
nicely with dynamic IP addresses as the host doesn't care what the IP
address is of the client.

INTERNET:   bill at Celestial.COM  Bill Campbell; Celestial Systems, Inc.
UUCP:               camco!bill  PO Box 820; 2835 82nd Avenue S.E. S-100
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676

"A man full of faith is simply one who has lost (or never had) the capacity
for clear and realistic thought. He is not a mere ass; he is actually ill.
Worse, he is incurable."
	H.L. Mencken

More information about the samba mailing list