RE: Using SAMBA through the TCP wrappers
Configure SAMBA so it doesn't even know about the ext interface.
Under globals in smb.conf or in SWAT on the Globals screen you
can tell samba which interfaces to use.
This should work with daemonized or inetd driven samba, AFAIK.
Oh, and g2s (an inetd replacement) is available in woody, etc.
Q: Does the ipmasq default setup filter out external netbios traffic?
On Sun, 24 Dec 2000 19:56:02 Don Laursen wrote:
> I had the same problem. I now use xinetd and use the bind option for
> services I don't want exposed to the external interface.
> > When I installed my system I decided to install the SAMBA
> > server and use
> > it through the inet super daemon. From what the installation
> > instructions said, the SAMBA server will remain dormant
> > untill it hears
> > traffic on the NetBIOS ports.
> > I installed PortSentry the other night and was testing it over at
> > www.grc.com, I found that with the SAMBA server running it left my
> > computer open to NetBIOS attacks. I know that I could simply add the
> > following lines to my firewall script to disallow NetBIOS packets
> > through my external interface (eth0):
> > /sbin/ipchains -A input -i eth0 -p tcp -s 0.0.0.0/0 137:139 -j REJECT
> > /sbin/ipchains -A input -i eth0 -p udp -s 0.0.0.0/0 137:139 -j REJECT
> > This would prevent NetBIOS packets from sneaking through my external
> > interface. I also want to ensure that the SAMBA server will no longer
> > listen for NetBIOS packets on my external interface.
> > How do I configure the inetd.conf file or the HOSTS.* files
> > so that the
> > SAMBA server will no longer listen for NetBIOS packets on my external
> > interface?
> > Stefan
> > --
> > To UNSUBSCRIBE, email to firstname.lastname@example.org
> > with a subject of "unsubscribe". Trouble? Contact
> > email@example.com
> To UNSUBSCRIBE, email to firstname.lastname@example.org
> with a subject of "unsubscribe". Trouble? Contact