[Samba] Samba server access through a firewall

[Mansell, Gary]

Hi,

I am running a Samba server in a project office which is separated from
our main company network by a firewall.

We allow all traffic from our company network (where the Windows client
machines are located) into the project office network (where the Samba
server is located) but only allow previously established connections
back. Also a few specified services are allowed from the project office
network to the company network.

In order to get the Samba printing working correctly on the Windows
client machine, it appears that I need to allow connections from the
Samba server to port 139 on the Windows machine. If I don't allow this
port then the print dialog takes ages to initialise and open on the
Windows client machine (although printing does work eventually).

I have two questions:

1) Am I correct in thinking that opening port 139 to the client machines
on our company network is a security risk? Does it allow access to
things like Windows file shares from the project office etc?

2) Are there any other ports that I need to allow back to our company
network from the project office for Samba to work correctly?

Any advice gladly received

Regards

Gary Mansell
-- 

This e-mail and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this e-mail in error please notify the sender immediately
and delete this e-mail from your system.  Please note that any views or opinions
presented in this e-mail are solely those of the author and do not necessarily
represent those of Ricardo (save for reports and other documentation formally
approved and signed for release to the intended recipient).  Only Directors
or Duly Authorised Officers are authorised to enter into legally binding
obligations on behalf of Ricardo unless the obligation is contained within
a Ricardo Purchase Order.

Ricardo may monitor outgoing and incoming e-mails and other telecommunications
on its e-mail and telecommunications systems.  By replying to this e-mail you
give consent to such monitoring.  The recipient should check this e-mail and
any attachments for the presence of viruses.  Ricardo accepts no liability for
any damage caused by any virus transmitted by this e-mail.  "Ricardo" means
Ricardo plc and its subsidiary companies.

Ricardo plc is a public limited company registered in England with registered
number 00222915.
The registered office of Ricardo plc is Shoreham Technical Centre, Shoreham-by Sea,
West Sussex, BN43 5FG.