Security Concern with Samba server on the Internet

Hall, Ken (ECCS) KeHall at
Tue Sep 22 15:54:34 GMT 1998

I'm in the process of converting from a dedicated file/print server to a
Linux box running Samba.  Among other things, this box currently supports
our Internet gateway via IP Masquerade.  It uses demand dial (diald) at the
moment, but will probably be converted to a full-time connection at some
point in the near future.

I've been asked if it is possible for the Samba server to be accessed from
the Internet while the demand-dial link is active.  Unfortunately I'm not
familiar enough with the protocols to be able to give a definitive answer.

It appears from the documentation that it's possible, but by default smbd
and nmbd bind only to the "primary" interface on the box. In this case that
should be the local Ethernet connection, so there shouldn't be any issue.
I'm considering putting an "Interface" entry in smb.conf just to be safe.  

Can anyone confirm that my assumption is correct, and is there anything else
I should be concerned about other than the usual non-Samba exposures?  Do I
need to be concerned about Samba sending "broadcast" packets out over the
Internet link?

Thanks in advance for the help.

More information about the samba mailing list