[Samba] security in a multi segment network
Antonio Nikolic
antonio.nikolic at ibk-consult-gmbh.de
Fri Feb 7 12:49:29 GMT 2003
Hi Kurt!
> for this problem i have a (relative unsecure) network. unfortunally i'm
> not the network admin, so i have to try to get samba secure...
> situation:
> three network segments. two are running direct on the samba server:
> 192.168.10.0/24
> 192.168.30.0/24
> the third is comeing over a hardware-gateway (192.168.10.253) via
> NAT/masquerading.
> so i configured in smb.conf:
> interfaces = 192.168.10.0/24 192.168.30.0/24
> bind interfaces only = yes
> hosts allow = 192.168.10. 192.168.30. EXCEPT 192.168.10.1 EXCEPT
> 192.168.30.1
> the problem:
> i try to access the server from 192.168.20.0 -> access allowed, cause
> samba cannot see, that it's a 20 segment (masquerading).
> question:
> how can i samba tell, not to answer masqueraded requests?
I guess there is no way in telling samba (or any other software) anything
about IPs behind a NATed Gateway, that's the clue in NATing - only your
router knows the real IPs.
You can either block anything coming fom 192.168.10.254 or let it all pass.
Probably you'll have to find another way to restrict access. :-(
greetings back to Tyrol
Antonio Nikolic
>>==============================================
More information about the samba
mailing list