LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 12-16-2006, 02:22 PM   #1
wraithe
Member
 
Registered: Feb 2006
Location: australia
Distribution: Linux... :-)
Posts: 216
Blog Entries: 1

Rep: Reputation: 30
smb server with internet connection shared...


Ok, here's my problem...over 10 yrs out of networking and only playing with linux2linux or win2win networks, i have a drama now...
Local non-profit group want a server and as i am pc illiterate(yeh ok i know where the off switch is) i have been asked to set this up...
I have smb working fine and i am setting up seperate folders for each user, no probs...
i need to have a shared internet connection and i need to limit it to users that have permission and have a password to do so, the password side wont be a prob once i get it to share...i cant get thru the lin box at all yet...
this machine has two network cards(working fine, i can get out with the linbox(thats what i am using now) but not with a winbox using the server)...
i basically am setting up a smb server and a proxy on the one machine...
normally easy, but i have forgotten more than i care to remember, so wish to ask a younger mind for help...lol..
 
Old 12-16-2006, 02:26 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
maybe you would beenfit from defining what kind of internet access is required? Hopefully you just want a web proxy, in which case squid will help you out no problem, and can levergage user/password databases is many forms, most simply the local accounts on the box itself.
 
Old 12-16-2006, 03:15 PM   #3
wraithe
Member
 
Registered: Feb 2006
Location: australia
Distribution: Linux... :-)
Posts: 216
Blog Entries: 1

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by acid_kewpie
maybe you would beenfit from defining what kind of internet access is required?
full access for only 2 users(email and net) and allow incoming ssh for myself...its on an xdsl connection...
not used for any other purpose...

this machine will be used for storage and to run a few applications used in training...as well as allowing the 2 users(and myself) full access in and out...there are approximately 12 winboxes on the network, unless we get a few extras donated...

Last edited by wraithe; 12-16-2006 at 03:20 PM.
 
Old 12-16-2006, 03:39 PM   #4
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
What type of router are you using. The simplest way may be to restrict access at the router. Even a Linksys router can filter by IP or MAC address. It could also forward port 22 to your computer, but I would recommend changing the port used by your ssh server. This will reduce the number of script kiddie brute force attacks against ssh. Also, as you may have done already, disallow root logins and use "AllowUsers <yourusername>" to disallow login attempts from all other users, including system users. This isn't perfect if a user changes the MAC address on their NIC deivce. You will also need to lock down the router with a username/password to keep users from changing the access controls. ( I'm not assuming you didn't realize that. )

For some general samba networking solutions, you might want to look on the samba.org website for the book "Samba 3 by Example". One of the first examples is a server setup for a non-profit office. They have a simple share setup that anyone can write to, a readonly document share, and a printer. The configuration on both the server and for various Windows OSes are covered.

On many distro's, these books are included with a samba-doc package and installed to /usr/share/doc/packages/samba/.

Something else to consider is to use samba swat to configure the server. On some distro's you might only need to enable the swat service in a gui xinetd service configuration tool. In other's you my need to add a file called swat in /etc/xinet.d/.
Code:
# SWAT is the Samba Web Administration Tool.
service swat
{
        socket_type     = stream
        protocol        = tcp
        wait            = no
        user            = root
        server          = /usr/sbin/swat
        only_from       =  127.0.0.1
        log_on_failure  += USERID
}
This will allow root to use swat from the server itself. To be even safer, you could enable the service before using it and disable it afterwards. In this situation, being too paranoid may not be necessary. Sometimes, security is a good part social engineering. Being very anal could generate ill will which you wouldn't want to do in a volunteer organization.

You access the swat service by pointing a web browser to http://localhost:901. You can even use "ssh -X username@server" to log into the server and then start the browser with this IP address. This will require the browser to be installed on the server as well as a mimimal amount of xorg libraries installed as well. ( Some people don't install any x.org or gui programs at all. ).

Good Luck!

Last edited by jschiwal; 12-16-2006 at 03:40 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
shared internet connection zoffmann Linux - Networking 2 06-15-2005 04:51 PM
Using a shared internet connection from Win 2003 Server? piraya Linux - Newbie 4 10-24-2004 11:08 AM
shared internet connection w/out router 4of11 Linux - Networking 2 08-09-2004 12:47 PM
Cant get internet of shared XP connection... Dover1123 Linux - Networking 5 07-29-2004 07:07 PM
Creating a SSL connection from smb clients to a smb server scottpioso General 0 11-17-2003 02:33 PM


All times are GMT -5. The time now is 02:23 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration