[Samba] smbclient to access limited networks?
Sylvestre TABURET
staburet at mandrakesoft.com
Thu Mar 6 20:10:27 GMT 2003
On Thursday 06 March 2003 01:51 pm, Hiro Sugawara wrote:
> I am new to this ML and am sorry if this question has been answered
> already.
>
> I have a firewall router running Linux having two Ethernet ports (i.e.
> access to two networks) for INTRANET and INTERNET. This firewall needs
> to run smbclient to access a share on a Win2K host in the INTRANET.
> Looking into the Linux kernel message log, I found smbclient is
> broadcasting NetBIOS name service queries to not only the INTRANET side
> but also the INTERNET side.
>
> I want to disable the queries to the INTERNET side because it could get
> forged responses and lead to a security breach. I checked the "hosts
> allowed" field in smb.conf, but it seems to work only to limit accesses
> to a Samba server--not to limit anything with smbclient.
>
> I'll appreciate any suggestion.
>
> TIA.
> hiro
> --
> Hiro Sugawara <hiro at arkusa.com>
Hi,
Use the parameter "interfaces" in smb.conf:
-------------------------------
man smb.conf:
...
interfaces (G)
This option allows you to override the default network interfaces list
that Samba will use for browsing, name registration and other NBT
traffic. By default Samba will query the kernel for the list of all
active interfaces and use any interfaces except 127.0.0.1 that are
broadcast capable.
ex:
interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0
would configure three network interfaces corresponding to the eth0
device and IP addresses 192.168.2.10 and 192.168.3.10. The netmasks of
the latter two interfaces would be set to 255.255.255.0.
[...]
Default: all active interfaces except 127.0.0.1 that are broadcast
capable...
---------------------------------
You also can combine it with "bind interfaces only"
Cheers
--
| Sylvestre TABURET - 1024D/030E1B7E
| . MandrakeSoft - staburet at mandrakesoft.com
| . Hewlett-Packard - sylvestre.taburet at hp.com
| CCA07:7809, 20555 SH 249, Houston, TX, 77070 - USA
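
The check below is an added example, not part of the original message or of Samba: it audits an smb.conf for the two settings named in the reply ("interfaces" and "bind interfaces only"). The interface name eth1, the 192.168.2.0/24 intranet range and the sample configs are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configs (not from the original thread).
UNRESTRICTED = "[global]\n   workgroup = EXAMPLE\n"
RESTRICTED = """[global]
   workgroup = EXAMPLE
   ; eth1 is assumed to be the INTRANET-facing NIC
   Interfaces = eth1 192.168.2.10/24
   bind interfaces only = Yes
"""

def global_params(text):
    """Return [global] parameters with keys lower-cased and stripped of
    whitespace, since Samba compares parameter names that way."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def audit(text, trusted_ifaces, trusted_net):
    """List reasons the config may send NBT traffic outside the intranet."""
    params = global_params(text)
    net = ipaddress.ip_network(trusted_net)
    findings = []
    entries = params.get("interfaces", "").split()
    if not entries:
        findings.append("interfaces unset: all broadcast-capable interfaces used")
    for entry in entries:
        try:
            addr = ipaddress.ip_interface(entry)  # IP/mask form
        except ValueError:
            # Not an address, so treat it as an interface name.
            if entry not in trusted_ifaces:
                findings.append(f"interface {entry} is not on the trusted list")
            continue
        if addr.ip not in net:
            findings.append(f"address {entry} is outside {trusted_net}")
    if params.get("bindinterfacesonly", "no").lower() not in ("yes", "true", "1"):
        findings.append("bind interfaces only is not enabled")
    return findings
```
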