[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Broadcast packets



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Not a guru, but I tried with Stevens, UNIX network Programming, Vol. 1,
> and I also used Google, and found the behaviour the system SHOULD show:
>
> http://samba.he.net/using_samba/ch04_06.html
>
> [snip]
> Finally, the bind interfaces only option instructs the nmbd process not to
> accept any broadcast messages other than those subnets specified with the
> interfaces option. Note that this is different from the hosts allow and
> hosts deny options, which prevent machines from making connections to
> services, but not from receiving broadcast messages. Using the bind
> interfaces only option is a way to shut out even datagrams from foreign
> subnets from being received by the Samba server. In addition, it instructs
> the smbd process to bind to only the interface list given by the
> interfaces option. This restricts the networks that Samba will serve.
> [snip]
>
> However, I think that such options in the daemon are not an appropriate
> security measure. You might want to set up strict firewall rules to
> prevent any outsider from connecting to your SAMBA machine. Running SAMBA
> on the same machine as your Firewall is *evil*, but I admit that many
> small businesses with one-box-for-everything will use such a setup...
>

I guess people didn't realise (since I forgot to mention) that this is no 
small-business firewall, it's my home masquerading box to give internet 
access to my LAN. Naturaly, since this is the only box that's on 24/7 it also 
serves a bunch of other stuff.

Thanks for the awnser, it was exactly what I was looking for.

Greetings,

Pedro.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE70Gfs2SBo0jBmgGARArM4AKCbCr9M0X8+sCv/gmUxfCPvWMoL+gCgss3U
RPnESHOB7w9oXBVjMlzbpFY=
=6QBi
-----END PGP SIGNATURE-----



Reply to: