[Wlug] Upcoming meetings - topic proposals

Scott Venier scottven@umich.edu
Mon, 7 May 2001 13:13:40 -0400 (EDT)


A VPN is a good idea.  PPTP, however, isn't.  I highly recomend using some
other VPN setup, if at all possible.  PPTP on linux doesn't excatly give
you a rock solid network conneciton.  But, if you have no other options,
there are both a client and a server for linux.  The server is called
PoPToP.  Search freshmeat for it.  The client lives at
http://merced.needsabeating.com/pptp.html.

Scott
Maintainter of the PPTP-Linux client.

On Mon, 7 May 2001, Tom Martinson wrote:

> Hello.
>
> I am new to this LUG.  So I would like to say hello.
>
> Peter said that his wife has to connect to his SaMBa server from UMass.
>
> When I have had similar situations What I did was to setup a VPN using
> PPTP.  That way you can block All SMB traffic to the outside world.
> Connect to the PPTP termination point with your client.  Setup up the
> Tunnel and then the SMB information is passed on the inside of the
> tunnel.  Thus keeping the integrity.  Also this gives a smaller
> "signature" for your firewall/server to the real world.
>
> Just a though.
>
> Peter Gutowski wrote:
>
> > Well, so far it's not been a problem, although I keep a close watch on suspicious activity. (You'll notice entries for hosts allow and hosts deny. So far that seems to be pretty effective, although I do notice twits trying to access and being denied):
> >
> > hosts allow = 192.168.3.0/255.255.255.224  192.168.2.0/255.255.255.0
> >               128.119.216.0/255.255.255.0 216.175.212.192/255.255.255.240
> > hosts deny = all  # <- no other machines can access
> >
> > Perhaps you could suggest conf options that allows [incoming] connections, but don't broadcast availability (i.e. is 'invicible' to all but people that know that that machine is a smb server). As I said, I'm not samba expert! (BTW, my wife accesses the system from her computer at UMass)
> >
> > On Monday, May 7, 2001 11:01 AM, Keller, Tim <Tim.Keller@stratus.com> wrote:
> >
> >> Hey I was looking at the sample smb.conf file (and I've set up a bunch of
> >> samba servers as well) and I saw something odd (well odd for
> >> me)
> >>
> >> -- start cut --
> >> # Configure Samba to use multiple interfaces
> >> # If you have multiple network interfaces then you must list them
> >> # here. See the man page for details.
> >> interfaces = 192.168.3.1  24.91.122.146
> >> -- end cut --
> >>
> >> >From a home network point of view, why would you want samba to bind to your
> >> external (24.xx...) address?  Maybe I'm doing something wrong?
> >>
> >> I personally add rules to my firewall to block outgoing and incoming SMB
> >> traffic to the outside world.  SMB as a protocol goes (if you could call it
> >> that) tends to tell the world more then one would want...
> >>
> >> Tim.
> >
>
> _______________________________________________
> Wlug mailing list
> Wlug@mail.wlug.org
> http://mail.wlug.org/mailman/listinfo/wlug
>