LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 12-21-2006, 01:26 PM   #1
evank
LQ Newbie
 
Registered: Jan 2005
Location: USA
Posts: 20

Rep: Reputation: 0
securing samba to a particular subnet or eth device?


We have two servers, one running Windows 2003 the other running Redhat Ent. Linux 4. The servers each have dual-port network cards and are on two disjoint networks. They have:

An external address - an IP allocated to us by our ISP, from which we run services to the outside world (http, ftp and ssh on RHEL; ftp and mms on Win2k3)
For example, an IP of 61.209.100.* under a subnet of 255.255.255.244

An internal address - an IP from behind our firewalled router, from which we want SMB shares accessible at large.
For example, an IP of 192.168.0.* under a subnet of 255.255.255.0

Now, on the windows machine we have Client and File/Printer sharing disabled on the external connection. What we'd like to do on the RHEL machine is configure samba to only listen on local addresses (192.168.0.*, subnet 255.255.255.0), OR configure it to only listen from one of the eth devices, whichever is better/safer/easier. Can this be done, and if so, could someone kindly instruct us on how?

I appreciate any response, thanks!
 
Old 12-21-2006, 01:47 PM   #2
slacky
Member
 
Registered: Feb 2004
Location: USA
Distribution: Debian
Posts: 174

Rep: Reputation: 16
Try this in your smb.conf - replace br0 with the eth device you want Samba to listen on:

interfaces = br0
bind interfaces only = Yes
 
Old 12-21-2006, 01:48 PM   #3
Brian1
Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 61
Edit the /etc/samba/smb.conf file. If the default exist then near the top is a line like this.
Code:
 ;   hosts allow = 192.168.1. 192.168.2. 127
Change to something like
Code:
    hosts allow = 192.168.0. 127
Brian
 
Old 12-22-2006, 09:00 AM   #4
evank
LQ Newbie
 
Registered: Jan 2005
Location: USA
Posts: 20

Original Poster
Rep: Reputation: 0
fantastic, thanks for the advice! someone else linked me to the samba docs as well, so that will be helpful too.
 
  


Reply

Tags
samba, security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Set up IP on specific eth device? johnnybhoy67 Linux - Networking 3 10-21-2005 12:33 PM
Need help with shapecfg working with virtual eth device rdmaxx Linux - Networking 1 02-10-2005 04:38 PM
Device 'eth' doesn't exist Moth7 Linux - Networking 2 10-24-2003 04:45 PM
Change Eth Device gamehack Slackware 4 09-01-2003 11:31 AM
Cannot activate eth device kakridge Linux - Networking 4 07-14-2003 08:22 PM


All times are GMT -5. The time now is 04:11 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration