RE: Using SAMBA through the TCP wrappers

To: adric@ccactus.com
Cc: debian-firewall@lists.debian.org
Subject: RE: Using SAMBA through the TCP wrappers
From: adric <adric@ccactus.com>
Date: Sun, 24 Dec 2000 23:32:36 -0500
Message-id: <20001224233236.A879@lissa.dyndns.org>
In-reply-to: <001101c06e0d$748a1310$0a01a8c0@nis001>; from don@darkphoton.com on Sun, Dec 24, 2000 at 19:56:02 -0500
References: <3A469055.F253A44@telusplanet.net> <001101c06e0d$748a1310$0a01a8c0@nis001>

Configure SAMBA so it doesn't even know about the ext interface.
Under globals in smb.conf or in SWAT on the Globals screen you
can tell samba which interfaces to use.

This should work with daemonized or inetd driven samba, AFAIK.

Oh, and g2s (an inetd replacement) is available in woody, etc.

Q: Does the ipmasq default setup filter out external netbios traffic?

-adric@ccactus.com


On Sun, 24 Dec 2000 19:56:02 Don Laursen wrote:
> I had the same problem. I now use xinetd and use the bind option for
> services I don't want exposed to the external interface.
> 
> > When I installed my system I decided to install the SAMBA
> > server and use
> > it through the inet super daemon. From what the installation
> > instructions said, the SAMBA server will remain dormant
> > untill it hears
> > traffic on the NetBIOS ports.
> >
> > I installed PortSentry the other night and was testing it over at
> > www.grc.com, I found that with the SAMBA server running it left my
> > computer open to NetBIOS attacks.  I know that I could simply add the
> > following lines to my firewall script to disallow NetBIOS packets
> > through my external interface (eth0):
> >
> > /sbin/ipchains -A input -i eth0 -p tcp -s 0.0.0.0/0 137:139 -j REJECT
> > /sbin/ipchains -A input -i eth0 -p udp -s 0.0.0.0/0 137:139 -j REJECT
> >
> > This would prevent NetBIOS packets from sneaking through my external
> > interface. I also want to ensure that the SAMBA server will no longer
> > listen for NetBIOS packets on my external interface.
> >
> > How do I configure the inetd.conf file or the HOSTS.* files
> > so that the
> > SAMBA server will no longer listen for NetBIOS packets on my external
> > interface?
> >
> > Stefan
> >
> >
> > --
> > To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> > with a subject of "unsubscribe". Trouble? Contact
> > listmaster@lists.debian.org
> 
> 
> --  
> To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 
>

Reply to:

References:
- Using SAMBA through the TCP wrappers
  - From: Stefan Srdic <linuxbox@telusplanet.net>
- RE: Using SAMBA through the TCP wrappers
  - From: "Don Laursen" <don@darkphoton.com>

Prev by Date: RE: Using SAMBA through the TCP wrappers
Next by Date: Re: Iptables FW under 2.4.0-test11
Previous by thread: RE: Using SAMBA through the TCP wrappers
Next by thread: true NAT
Index(es):
- Date
- Thread