Re: How /etc/hosts.allow /etc/hosts.deny and smb.conf play along
Hi Tuxoholic,
[...]
> With this smb.conf tweaking it works fine, but why could smbd/nmbd run past
> /etc/hosts.allow and /etc/hosts.deny without those lines in smb.conf?
Already answered by Juan Sierra Pons.
> To my limited CIDR understanding a /32 mask should restrict access to
> 192.168.2.0.0 and 192.168.2.1 - this should be fine for testing purposes.
Not sure about that. You can check it with ipcalc (in the ipcalc package):
$ ipcalc 192.168.2.0/32
Address: 192.168.2.0 11000000.10101000.00000010.00000000
Netmask: 255.255.255.255 = 32 11111111.11111111.11111111.11111111
Wildcard: 0.0.0.0 00000000.00000000.00000000.00000000
=>
Hostroute: 192.168.2.0 11000000.10101000.00000010.00000000
Hosts/Net: 1 Class C, Private Internet
So it looks like you need a 31 bit netmask for that address range:
$ ipcalc 192.168.2.0/31
Address: 192.168.2.0 11000000.10101000.00000010.0000000 0
Netmask: 255.255.255.254 = 31 11111111.11111111.11111111.1111111 0
Wildcard: 0.0.0.1 00000000.00000000.00000000.0000000 1
=>
Network: 192.168.2.0/31 11000000.10101000.00000010.0000000 0
HostMin: 192.168.2.0 11000000.10101000.00000010.0000000 0
HostMax: 192.168.2.1 11000000.10101000.00000010.0000000 1
Hosts/Net: 2 Class C, Private Internet, PtP Link RFC 3021
> Once this denies all services I'd set it to /24 to have access to the
> whole "subnet" from 192.168.2.0-192.168.2.255 and 127.0.0.1 127.0.1.1
Well, you don't seem to be allowed .0 and .255:
$ ipcalc 192.168.2.0/24
Address: 192.168.2.0 11000000.10101000.00000010. 00000000
Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000
Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111
=>
Network: 192.168.2.0/24 11000000.10101000.00000010. 00000000
HostMin: 192.168.2.1 11000000.10101000.00000010. 00000001
HostMax: 192.168.2.254 11000000.10101000.00000010. 11111110
Broadcast: 192.168.2.255 11000000.10101000.00000010. 11111111
Hosts/Net: 254 Class C, Private Internet
I hope this helps.
--
Cheers,
Clive
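
An added example, not part of the original message: it compares the addresses a net/mask pattern matches under the rule in hosts_access(5) (client AND mask equals net) with the HostMin/HostMax range ipcalc prints for /32, /31 and /24. The function names acl_matches and summarize are made up for this illustration, and the client addresses are constructed test values.

```python
import ipaddress

def acl_matches(pattern, client):
    """True if client is covered by pattern under the net/mask rule:
    (client AND mask) == net. Accepts /prefix or /dotted-mask forms."""
    net = ipaddress.ip_network(pattern, strict=True)
    addr = ipaddress.ip_address(client)
    if addr.version != net.version:
        return False
    return (int(addr) & int(net.netmask)) == int(net.network_address)

def summarize(pattern):
    """Matched block versus the usable host range ipcalc reports."""
    net = ipaddress.ip_network(pattern, strict=True)
    if net.prefixlen >= net.max_prefixlen - 1:
        # /32 host route and /31 point-to-point link (RFC 3021):
        # every address in the block is a host address.
        host_min, host_max = net[0], net[-1]
    else:
        # Otherwise the network and broadcast addresses are not hosts.
        host_min, host_max = net[1], net[-2]
    return {
        "netmask": str(net.netmask),
        "matched_first": str(net[0]),
        "matched_last": str(net[-1]),
        "matched_count": net.num_addresses,
        "host_min": str(host_min),
        "host_max": str(host_max),
    }

if __name__ == "__main__":
    # Constructed client addresses used to probe each pattern.
    clients = ("192.168.2.0", "192.168.2.1", "192.168.2.2",
               "192.168.2.255", "192.168.3.1")
    for pattern in ("192.168.2.0/32", "192.168.2.0/31", "192.168.2.0/24"):
        s = summarize(pattern)
        print(f"{pattern}  mask {s['netmask']}  "
              f"matches {s['matched_first']}-{s['matched_last']} "
              f"({s['matched_count']} addresses)  "
              f"hosts {s['host_min']}-{s['host_max']}")
        for client in clients:
            verdict = "match" if acl_matches(pattern, client) else "no match"
            print(f"    {client:<15} {verdict}")
```
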