bind interface to private IP

Robert Dahlem Robert.Dahlem at gmx.net
Fri Nov 10 08:40:15 GMT 2000


On Fri, 10 Nov 2000 16:29:43 +1100 (EST), daveo wrote:

>> I want samba to bind nmbd and smbd daemons to 10.0.0.1 not my 
>> public ip, for security....basically I want to run samba on my 
>> lan,..but not have the samba daemons bind to my public ip....so 
>> when u run nmap on my public ip, u don't see ports 139 and 138 
>> open.

>A quick and simple way is to block all traffic going to ports 139 and 
>138 on eth0 using ipchains:
>
>/sbin/ipchains -A input -p tcp -i eth0 -s 0.0.0.0/0 -d <your public 
>ip> \
>137:139 -j REJECT
>/sbin/ipchains -A input -p udp -i eth0 -s 0.0.0.0/0 -d <your public 
>ip> \
>137:139 -j REJECT

The security people always tell me: Do not REJECT, do DENY. Don't even 
spend a bit for an ICMP unreachable packet, don't give away any hint 
that you care.

Regards,
        Robert


-- 
---------------------------------------------------------------
Robert.Dahlem at gmx.net           Fax +49-69-432647
---------------------------------------------------------------

Sent using PMMail (http://www.pmmail2000.com) - fast, decent, email
software; far better than Outlook. Try it sometime.






More information about the samba mailing list