bind interface to private IP
Robert Dahlem
Robert.Dahlem at gmx.net
Fri Nov 10 08:40:15 GMT 2000
On Fri, 10 Nov 2000 16:29:43 +1100 (EST), daveo wrote:
>> I want samba to bind nmbd and smbd daemons to 10.0.0.1 not my
>> public ip, for security....basically I want to run samba on my
>> lan,..but not have the samba daemons bind to my public ip....so
>> when u run nmap on my public ip, u don't see ports 139 and 138
>> open.
>A quick and simple way is to block all traffic going to ports 139 and
>138 on eth0 using ipchains:
>
>/sbin/ipchains -A input -p tcp -i eth0 -s 0.0.0.0/0 -d <your public
>ip> \
>137:139 -j REJECT
>/sbin/ipchains -A input -p udp -i eth0 -s 0.0.0.0/0 -d <your public
>ip> \
>137:139 -j REJECT
The security people always tell me: Do not REJECT, do DENY. Don't even
spend a bit for an ICMP unreachable packet, don't give away any hint
that you care.
Regards,
Robert
--
---------------------------------------------------------------
Robert.Dahlem at gmx.net Fax +49-69-432647
---------------------------------------------------------------
Sent using PMMail (http://www.pmmail2000.com) - fast, decent, email
software; far better than Outlook. Try it sometime.
More information about the samba
mailing list