Old 08-07-2007, 09:29 AM   #1
dgr
LQ Newbie
 
Registered: Aug 2007
Posts: 25

Rep: Reputation: 15
restrict Samba access to only certain LAN IP addresses?


hello,

I apologize if this has been answered before; I'm a relatively new Samba user.
Is it possible to restrict access to Samba shares across a Windows network to only certain IP addresses in a list I would give it? My boss wants our new Linux server to only give share access to a /u/sting/ subdirectory on it to just a handful of computers on the office LAN, not the entire office and definitely not people outside of the office on the internet, since we have data on the server that needs to stay very secure.
Can anyone tell me the steps I would take to make this type of IP-address-based security happen?

thanks in advance,
david
 
Old 08-07-2007, 09:35 AM   #2
MS3FGX
Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 351
Yes, you would use the Samba global variable "hosts allow".

This can be used to list acceptable hosts, like:

Code:
hosts allow = 192.168.1.1 192.168.1.2
Or give a range of IPs:

Code:
hosts allow = 192.168.1.
There is also "hosts deny", which is the exact opposite. There you name hosts or networks that are not allowed to access the server.

If your machine has two interfaces (one on the LAN, one on the Internet) then you may also want to look into binding Samba to only a single interface. For example, to bind Samba to localhost and eth0, you would add the following lines to smb.conf:

Code:
interfaces = lo eth0
bind interfaces only = yes
 
Old 08-07-2007, 09:42 AM   #3
dgr
LQ Newbie
 
Registered: Aug 2007
Posts: 25

Original Poster
Rep: Reputation: 15
MS3FGX:
hello, thank you for the quick reply.

regarding the interfaces question, all LAN and internet traffic goes through one ethernet port.

regarding the hosts allow and hosts deny statements, where are those stored so I can edit those (in a text editor I assume?)? Is there a hosts deny syntax I could use to restrict all traffic that's not 192.168.1.###?

thanks,
david
 
Old 08-07-2007, 10:00 AM   #4
MS3FGX
Guru
 
Registered: Jan 2004
Location: NJ, USA
Distribution: Slackware, Debian
Posts: 5,852

Rep: Reputation: 351
You would change them in the Samba configuration file, which should be located at /etc/samba/smb.conf.

As for blocking different IPs/ranges, you simply need to enter in whatever IPs are appropriate for your network. I only used the 192.x addresses as an example.
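
An added example, not part of any post in this thread: an smb.conf fragment that applies the "hosts allow" and "hosts deny" parameters discussed above to a single share rather than to the whole server. The share name [sting] and the three client addresses are assumed placeholders; the path is the one named in the first post.

```ini
# Constructed example: share name and client addresses are placeholders.
[sting]
    path = /u/sting

# Deny every host by default for this share.
    hosts deny = ALL

# Then list the handful of workstations that may connect.
# Where the two lists conflict, the allow list takes precedence,
# so these three addresses get through and everything else is refused.
    hosts allow = 192.168.1.11 192.168.1.12 192.168.1.13
```

After editing, `testparm -s /etc/samba/smb.conf` parses the file and reports any syntax errors. Running `testparm /etc/samba/smb.conf <hostname> <hostIP>` evaluates the allow and deny lists for that client address.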
 
  

