
Re: Broadcast packets




On Thu, 18 Oct 2001, Pedro Corte-Real wrote:

> > > I asked if it was possible to hear broadcast packages without binding to
> > > 0.0.0.0 (all interfaces) but to 192.168.1.0 instead. Anyone know?

> That alone produces a config where samba listens on 0.0.0.0:137-138.
> I reported that as a bug and got an answer that to listen to broadcasts you
> actually had to bind like that. I find that odd since every interface has a
> broadcast address. Any guru out there care to enlighten me?

Not a guru, but I tried with Stevens, UNIX Network Programming, Vol. 1,
and I also used Google, and found the behaviour the system SHOULD show:

http://samba.he.net/using_samba/ch04_06.html

[snip]
Finally, the bind interfaces only option instructs the nmbd process not to
accept any broadcast messages other than those subnets specified with the
interfaces option. Note that this is different from the hosts allow and
hosts deny options, which prevent machines from making connections to
services, but not from receiving broadcast messages. Using the bind
interfaces only option is a way to shut out even datagrams from foreign
subnets from being received by the Samba server. In addition, it instructs
the smbd process to bind to only the interface list given by the
interfaces option. This restricts the networks that Samba will serve.
[snip]

However, I think that such options in the daemon are not an appropriate
security measure. You might want to set up strict firewall rules to
prevent any outsider from connecting to your SAMBA machine. Running SAMBA
on the same machine as your Firewall is *evil*, but I admit that many
small businesses with one-box-for-everything will use such a setup...

regards

Alex

-- 
"People often think of research as a form of development -- that it's
about doing exactly what you planned, doing it on time, and doing it
with resources that you said you'd use.  But if you're going to do
that, you have to know what you are doing, and if you know what you
are doing, it isn't really research."
             --Dave Liddle, The New Yorker, Feb. 23/Mar.2, 1998, p84
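
An added example, not part of the original message and not Samba's own code: a small Python check that reads the [global] section of an smb.conf and reports when the interfaces / bind interfaces only pair described in the quoted documentation is missing. The sample configurations and the name audit_smb_conf are constructed for illustration.

```python
import configparser
import ipaddress

# Constructed sample configurations (not taken from the original message).
WEAK = """[global]
workgroup = EXAMPLE
interfaces = 192.168.1.1/24
"""
HARDENED = """[global]
workgroup = EXAMPLE
Interfaces = 192.168.1.1/24 127.0.0.1/8
Bind Interfaces Only = yes
"""

def _norm(name):
    # smb.conf ignores case and whitespace inside parameter names.
    return "".join(name.split()).lower()

def audit_smb_conf(text):
    """Return findings about interface binding in the [global] section."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.optionxform = _norm
    cp.read_string(text)
    section = next((s for s in cp.sections() if s.lower() == "global"), None)
    opts = dict(cp.items(section)) if section else {}
    findings = []
    ifaces = opts.get("interfaces", "").split()
    if not ifaces:
        findings.append("interfaces is not set: no subnet list to restrict to")
    enabled = opts.get("bindinterfacesonly", "no").strip().lower()
    if enabled not in ("yes", "true", "on", "1"):
        findings.append("bind interfaces only is not enabled: "
                        "nmbd still accepts broadcasts from other subnets")
    for item in ifaces:
        try:
            net = ipaddress.ip_interface(item).network
        except ValueError:
            continue  # an interface name such as eth0, nothing to range-check
        if net.prefixlen == 0:
            findings.append(f"interfaces entry {item} covers every address")
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_smb_conf(conf) or "ok")
```
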




