samba and firewalls

Steve Cohen stevecoh at mcs.com
Thu Apr 27 02:38:05 GMT 2000


I have a little home network with one Windows 98 PC and a pc running
linux.
My idea is that as soon as DSL is finally made available to my area
(which I keep getting told will be real soon now) I want to route it
through the linux box and up to the Windows PC, using IP masquerading,
etc.

At present I have samba enabled on the unix box which opens up several
worthwhile conveniences to me: printing, backing up critical files,
etc., that would not be possible without it.

Of course, once this is up, there is the firewall issue to consider,
which as  PPP internet accessor I haven't had to worry about.  But I am
reading up on the matter.  One source I am using is Linux Firewalls by
Robert L. Ziegler (New Riders).

One of the points in this book is that a firewall PC should never run
samba because it opens up vulnerabilities to attack.  The author doesn't
go into much detail, nor does he offer any workarounds.  He just says
you shouldn't do it.  Period.

My question is how serious a problem this is.  Is it as clear cut an
issue as the author makes out or are there successful examples of samba
being run on a firewall PC, and ways around the vulnerability.  Or
should I invest in another machine or get rid of samba?


More information about the samba mailing list