[Wlug] Upcoming meetings - topic proposals

Tom Martinson falken@cloudnet.com
Mon, 07 May 2001 10:05:22 -0400


Hello. 

I am new to this LUG.  So I would like to say hello.

Peter said that his wife has to connect to his SaMBa server from UMass. 

When I have had similar situations What I did was to setup a VPN using 
PPTP.  That way you can block All SMB traffic to the outside world.  
Connect to the PPTP termination point with your client.  Setup up the 
Tunnel and then the SMB information is passed on the inside of the 
tunnel.  Thus keeping the integrity.  Also this gives a smaller 
"signature" for your firewall/server to the real world.

Just a though.

Peter Gutowski wrote:

> Well, so far it's not been a problem, although I keep a close watch on suspicious activity. (You'll notice entries for hosts allow and hosts deny. So far that seems to be pretty effective, although I do notice twits trying to access and being denied):
> 
> hosts allow = 192.168.3.0/255.255.255.224  192.168.2.0/255.255.255.0
>               128.119.216.0/255.255.255.0 216.175.212.192/255.255.255.240
> hosts deny = all  # <- no other machines can access
> 
> Perhaps you could suggest conf options that allows [incoming] connections, but don't broadcast availability (i.e. is 'invicible' to all but people that know that that machine is a smb server). As I said, I'm not samba expert! (BTW, my wife accesses the system from her computer at UMass)
> 
> On Monday, May 7, 2001 11:01 AM, Keller, Tim <Tim.Keller@stratus.com> wrote:
> 
>> Hey I was looking at the sample smb.conf file (and I've set up a bunch of
>> samba servers as well) and I saw something odd (well odd for
>> me)
>> 
>> -- start cut --
>> # Configure Samba to use multiple interfaces
>> # If you have multiple network interfaces then you must list them
>> # here. See the man page for details.
>> interfaces = 192.168.3.1  24.91.122.146
>> -- end cut --
>> 
>> >From a home network point of view, why would you want samba to bind to your
>> external (24.xx...) address?  Maybe I'm doing something wrong?
>> 
>> I personally add rules to my firewall to block outgoing and incoming SMB
>> traffic to the outside world.  SMB as a protocol goes (if you could call it
>> that) tends to tell the world more then one would want...
>> 
>> Tim.
>