Re: Broadcast packets
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> This is not politics. It is practicality. You are using a fairly large
> suite of programs to do a fairly small job. samba is 6254K installed,
> lprng is 3580K installed, lpr is 348K installed. The biggest, most
> complex program that does the most things is also likely to be the most
> security problematic. lprng is one hell of a lot bigger and cruftier than
> I would like, but has made a real effort at security.
I don't actualy need samba for printing, it's being used (for printing)
because I can but Win2000 can print with IPP thus directly to cups. The
problem is that I also use some filesystem exports. But I guess that if I
*MUST* I'll drop samba but I'd rather not lose that functionality
>
> > I asked if it was possible to hear broadcast packages without binding to
> > 0.0.0.0 (all interfaces) but to 192.168.1.0 instead. Anyone know?
>
> See:
> http://www.linuxdoc.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.
>3/chap29sec284.html
>
> Look at :
> bind interfaces only = True
>
> The option bind interfaces only if set to True, allows you to
> limit what interfaces will serve smb requests. This is a security
> feature. The configuration option interfaces = eth0 192.168.1.1
> below completes this option.
>
> interfaces = eth0 192.168.1.1
>
> The option interfaces allows you to override the default network
> interface list that Samba will use for browsing, name registration
> and other NBT traffic. By default, Samba will query the kernel for
> the list of all active interfaces and use any interface, except
> 127.0.0.1, that is broadcast capable. With this option, Samba will
> only listen on interface eth0 on the IP address 192.168.1.1. This
> is a security feature, and completes the above configuration option
> bind interfaces only = True.
>
> So, it would appear so.
That alone produces a config where samba listens on 0.0.0.0:137-138.
I reported that as a bug and got an awnser that to listen to broadcasts you
actualy had to bind like that. I find that odd since every interface has a
broadcast address. Any guru out there care to enlighten me?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7z0GR2SBo0jBmgGARAjM6AJ97qQgYJ4t9jM4z/fpBjy2FbUbOuQCg4DCm
7G27c7Ntp1/SdkTJm9r2nig=
=1pTy
-----END PGP SIGNATURE-----
Reply to: