LinuxQuestions.org

Old_Fogie 06-02-2006 02:53 PM

How do I Enable Samba & NFS File Sharing Scripts for wired, but Disabled 4 wireless
 
Hi all,

Just wondering if anyone has a nice way of attacking this.

So when I'm wireless I have a different IP address and gateway than what the wired home lan has. But in theory if I'm on wirelessly and file sharing is on, someone can hack my laptop and I don't want that. Hence the reason I want file sharing off when I'm wireless.

Now, I normally run the laptop wireless with madwifi-pcmcia going thru hotplug. So I want file sharing off completely when I'm wireless.

When I want to hook up to my home lan, I physically pull out my wireless card, and I run the wired pcmcia NIC. So on the wired NIC I want file sharing on.

Is there any way to do this without manually keying in the start/stop commands? Can hotplug be tweaked to do this in some way shape or form? Any ideas greatly appreciated.

edited for clarity.

gilead 06-02-2006 03:05 PM

Since your wireless IP address is different to your wired IP address, you may be able to do this with Samba's config. It supports 'hosts allow', 'hosts deny' and 'interfaces' directives that can be used to restrict who can connect. Just allow your wired IP and deny the others.

There's more info at http://us1.samba.org/samba/docs/using_samba/ch06.html, but the following may help:
Code:

Let's assume that our Samba server can access both the subnets 192.168.220.* and
134.213.233.*. Here are our additions to the configuration file to add the networking configuration options:
    [global]
        #  Networking configuration options
        hosts allow = 192.168.220. 134.213.233.
        hosts deny = 192.168.220.102
        interfaces = 192.168.220.100/255.255.255.0 \
                        134.213.233.110/255.255.255.0
        bind interfaces only = yes
Take a look at the hosts allow and hosts deny options. If these options sound familiar, you're
probably thinking of the hosts.allow and hosts.deny files that are found in the /etc directories
of many Unix systems. The purpose of these options is identical to those files; they provide a
means of security by allowing or denying the connections of other hosts based on their IP
addresses. We could use the hosts.allow and hosts.deny files, but we are using this method
instead because there might be services on the server that we want others to access without also
giving them access to Samba's disk or printer shares.

With the hosts allow option, we've specified a 192.168.220 IP address, which is equivalent to
saying: "All hosts on the 192.168.220 subnet." However, we've explicitly specified in a hosts
deny line that 192.168.220.102 is not to be allowed access.


cwwilson721 06-02-2006 06:13 PM

Remember those scripts I told you about from Eric for running the ethernet cable/wireless?

http://www.slackware.com/~alien/rc_scripts/

Edit /etc/rc.d/ifcfg/ifplugd.sh as such:
Code:

INTERFACE=$1
ACTION=$2
RETURN=${RETURN:-0}

pre() {
  # Start ifplugd before Slackware has a chance to setup the interface.
  # This way, ifplugd will determine when the time is right to do so
  # (the interface cable might be unplugged on boot)
  # if [ ! -e /var/run/ifplugd.${INTERFACE}.pid ]; then # does not catch the 1st instance
  if ! ps ax |grep "ifplugd ${INTERFACE}" |grep -v grep 1>/dev/null; then
    echo "Running ifplugd to monitor $INTERFACE"
    /usr/sbin/ifplugd $INTERFACE
    RETURN=1
  fi
}
(insert your script to start nfs and samba here, then leave rest of script alone)

That will also run the script if you insert the ethernet cable while laptop is on.

I love the way Eric has it work.....

EDIT****** WAIT!!!!!

I don't think that will work there......

ERIC!!! Ideas?

Old_Fogie 06-03-2006 02:30 PM

thanks gilead that makes sense, i'm going to give that a shot.

that seems like a nice fix for the moment.

however, long term I'd like to have the sharing off completely on the wireless adapter.

reason being, a hacker sitting across from you at a wifi hot spot pinging you on share ports gets a deny reply and not an empty gap. now he knows port on said ip is replying and then goes from there.

plus, i'd like to have less stuff running on this old laptop :D

thanks.

gilead 06-03-2006 04:59 PM

I might be misunderstanding what you want to achieve, but you can specify interfaces by name instead of by IP address in the smb.conf file. For example:
Code:

interfaces = eth0 lo
bind interfaces only = yes


Alien Bob 06-03-2006 05:40 PM

Gilead's comment on enabling Samba to listen only on non-wireless interfaces:
Quote:

interfaces = eth0 lo
bind interfaces only = yes

as well as limiting access to hosts within the wired IP range:
Quote:

hosts allow = 192.168.220.

can be combined to give you double safety.

But also consider running a firewall on the wireless interface that just disables access to the samba ports (or better, denies incoming traffic to all ports except possibly ssh).

NOTE cwwilson721, that ifplugd.sh script contained a bug and a more recent version is available for download...

Eric
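
The firewall suggestion in the post above, sketched as an added example (not part of the thread and not Eric's or anyone else's script): it prints, without applying, iptables commands for the wireless interface. The interface name ath0, the chain name WIFI_IN and the function wifi_rules are assumptions. Unlike the smb.conf directives, these rules also cover the NFS side of the original question.

```shell
#!/bin/sh
# Added example: PRINT (never apply) iptables commands that close a wireless
# interface to unsolicited inbound traffic. "ath0" and the chain name WIFI_IN
# are assumptions; substitute your own interface name.

# wifi_rules IFACE [all|shares] [ssh]
#   all    - drop every new inbound connection on IFACE (optionally keep ssh)
#   shares - drop only the fixed Samba/NFS ports; dynamic RPC ports used by
#            mountd/statd/lockd are NOT covered, which is why "all" is safer
wifi_rules() {
  iface=$1; mode=${2:-all}; ssh=${3:-}
  case $iface in
    ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;;
  esac
  case $mode in
    all|shares) ;;
    *) echo "mode must be 'all' or 'shares'" >&2; return 1 ;;
  esac
  chain=WIFI_IN
  echo "iptables -N $chain"
  echo "iptables -A INPUT -i $iface -j $chain"
  if [ "$mode" = all ]; then
    # Replies to connections the laptop opened itself must still get in.
    echo "iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$ssh" = ssh ]; then
      echo "iptables -A $chain -p tcp --dport 22 -j ACCEPT"
    fi
    # DROP sends nothing back, so a probe sees silence rather than a refusal.
    echo "iptables -A $chain -j DROP"
  else
    # portmapper 111, NetBIOS 137-139, SMB 445, nfsd 2049
    echo "iptables -A $chain -p tcp -m multiport --dports 111,139,445,2049 -j DROP"
    echo "iptables -A $chain -p udp -m multiport --dports 111,137,138,2049 -j DROP"
  fi
}

# Stand-alone use: sh wifi-rules.sh ath0 all ssh
if [ $# -gt 0 ]; then
  wifi_rules "$@"
fi
```

Review the printed commands before running them as root; the WIFI_IN chain must not already exist when they are applied.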

cwwilson721 06-03-2006 07:35 PM

Quote:

Originally Posted by Alien Bob
NOTE cwwilson721, that ifplugd.sh script contained a bug and a more recent version is available for download...

Eric

Thanks. Already got it. Works PERFECT.

Old_Fogie 06-03-2006 09:00 PM

Awesome guys, thank you.

I'm trying to use good habits you know.


All times are GMT -5.