[Samba] smbclient to access limited networks?

Sylvestre TABURET staburet at mandrakesoft.com
Thu Mar 6 20:10:27 GMT 2003

Hash: SHA1

On Thursday 06 March 2003 01:51 pm, Hiro Sugawara wrote:
> I am new to this ML and am sorry if this question has been answered
> already.
> I have a firewall router running Linux having two Ethernet ports (i.e.
> access to two networks) for INTRANET and INTERNET. This firewall needs
> to run smbclient to access a share on a Win2K host in the INTRANET.
> Looking into the Linux kernel message log, I found  smbclient is
> broadcasting NetBIOS name service queries to not only the INTRANET side
> but also the INTERNET side.
> I want to disable the queries to the INTERNET side because it could get
> forged responses and lead to a security bleach. I checked the "hosts
> allowed" field in smb.conf, but it seems to work only to limit accesses
> to a Samba server--not to limit anything with smbclient.
> I'll appreciate any suggestion.
> TIA.
> hiro
> --
> Hiro Sugawara <hiro at arkusa.com>


use the parameter "interfaces" in smb.conf:
- -------------------------------
man smb.conf:
interfaces (G)
This  option  allows  you to override the default network interfaces list 
that Samba will use for browsing,  name  registration and  other  NBT  
traffic. By default Samba will query the kernel for the list of all 
active interfaces  and  use  any  interfaces except that are 
broadcast capable.

interfaces = eth0 .PP
would configure three network  interfaces  corresponding  to  the  eth0 
device and IP addresses and  The netmasks of 
the latter two interfaces would be set to
Default: all active interfaces  except  that  are  broadcast 
- ---------------------------------
You also can combine it with "bind interfaces only"

- -- 
| Sylvestre TABURET - 1024D/030E1B7E
| . MandrakeSoft - staburet at mandrakesoft.com
| . Hewlett-Packard - sylvestre.taburet at hp.com
| CCA07:7809, 20555 SH 249, Houston, TX, 77070 - USA
Version: GnuPG v1.0.7 (GNU/Linux)


More information about the samba mailing list