samba and firewalls

Wandered Inn esoteric at denali.atlnet.com
Thu Apr 27 03:12:29 GMT 2000


Don't we meet in unusual places! (inside joke)  Just a note, I'm
reconfiguring my whole home network (in preparation for DSL as well). 
What you might consider doing is putting together an old 486/pentium xx
to function strictly as your firewall.  You could probably pick one up
for near nothing these days.  I'm working on putting together the
bastion/choke configuration from Ziegler's book.  More as a learning
experience then a necessity.

Steve Cohen wrote:
> 
> I have a little home network with one Windows 98 PC and a pc running
> linux.
> My idea is that as soon as DSL is finally made available to my area
> (which I keep getting told will be real soon now) I want to route it
> through the linux box and up to the Windows PC, using IP masquerading,
> etc.
> 
> At present I have samba enabled on the unix box which opens up several
> worthwhile conveniences to me: printing, backing up critical files,
> etc., that would not be possible without it.
> 
> Of course, once this is up, there is the firewall issue to consider,
> which as  PPP internet accessor I haven't had to worry about.  But I am
> reading up on the matter.  One source I am using is Linux Firewalls by
> Robert L. Ziegler (New Riders).
> 
> One of the points in this book is that a firewall PC should never run
> samba because it opens up vulnerabilities to attack.  The author doesn't
> go into much detail, nor does he offer any workarounds.  He just says
> you shouldn't do it.  Period.
> 
> My question is how serious a problem this is.  Is it as clear cut an
> issue as the author makes out or are there successful examples of samba
> being run on a firewall PC, and ways around the vulnerability.  Or
> should I invest in another machine or get rid of samba?

--
Until later: Geoffrey		esoteric at denali.atlnet.com

I'm afraid there will be more problems with W2K than there were with
Y2K...


More information about the samba mailing list