LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 06-02-2006, 02:53 PM   #1
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,515

Rep: Reputation: 62
How do I Enable Samba & NFS File Sharing Scriptsd for wired, but Disabled 4 wireless


Hi all,

Just wondering if anyone has a nice way of attacking this.

So when I'm wireless I have a different IP address and gateway then what the wired home lan has. But in theory if I'm on wirelessly and file sharing is on, someone can hack my laptop and I don't want that. Hence the reason I want file sharing off when I'm wireless.

Now, I normally run the laptop wireless with madwifi-pcmcia going thru hotplug. So I want file sharing off completely when I'm wireless.

When I want to hook up to my home lan, I physically pull out my wireless card, and I run the wired pcmcia NIC. So on the wired NIC I want file sharing on.

Is there anyway to do this without manually keying in the start/stop commands. Can hotplug be tweaked to do this in some way shape or form? Any ideas greatly appreciated.

edited for clarity.

Last edited by Old_Fogie; 06-10-2006 at 04:27 PM.
 
Old 06-02-2006, 03:05 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 151Reputation: 151
Since your wireless IP address is different to your wired IP address, you may be able to do this with Samba's config. It supports 'hosts allow', 'hosts deny' and 'interfaces' directives that can be used to restrict who can connect. Just allow your wired IP and deny the others.

There's more info at http://us1.samba.org/samba/docs/using_samba/ch06.html, but the following may help:
Code:
Let's assume that our Samba server can access both the subnets 192.168.220.* and 
134.213.233.*. Here are our additions to the configuration file to add the networking configuration options:
    [global]
        #  Networking configuration options
        hosts allow = 192.168.220. 134.213.233.
        hosts deny = 192.168.220.102
        interfaces = 192.168.220.100/255.255.255.0 \
                        134.213.233.110/255.255.255.0
        bind interfaces only = yes
Take a look at the hosts allow and hosts deny options. If these options sound familiar, you're 
probably thinking of the hosts.allow and hosts.deny files that are found in the /etc directories 
of many Unix systems. The purpose of these options is identical to those files; they provide a 
means of security by allowing or denying the connections of other hosts based on their IP 
addresses. We could use the hosts.allow and hosts.deny files, but we are using this method 
instead because there might be services on the server that we want others to access without also 
giving them access to Samba's disk or printer shares.

With the hosts allow option, we've specified a 192.168.220 IP address, which is equivalent to 
saying: "All hosts on the 192.168.220 subnet." However, we've explicitly specified in a hosts 
deny line that 192.168.220.102 is not to be allowed access.
 
Old 06-02-2006, 06:13 PM   #3
cwwilson721
Senior Member
 
Registered: Dec 2004
Location: In my house.
Distribution: Ubuntu 10.10 64bit, Slackware 13.1 64-bit
Posts: 2,649
Blog Entries: 1

Rep: Reputation: 65
Remember those scripts I told you about from Eric for running the ethernet cable/wireless?

http://www.slackware.com/~alien/rc_scripts/

Edit /etc/rc.d/ifcfg/ifplugd.sh as such:
Code:
INTERFACE=$1
ACTION=$2
RETURN=${RETURN:-0}

pre() {
  # Start ifplugd before Slackware has a chance to setup the interface.
  # This way, ifplugd will determine when the time is right to do so
  # (the interface cable might be unplugged on boot)
  # if [ ! -e /var/run/ifplugd.${INTERFACE}.pid ]; then # does not catch the 1st instance
  if ! ps ax |grep "ifplugd ${INTERFACE}" |grep -v grep 1>/dev/null; then 
    echo "Running ifplugd to monitor $INTERFACE"
    /usr/sbin/ifplugd $INTERFACE
    RETURN=1
  fi
}
(insert your script to start nfs and samba here, then leave rest of script alone)
That will also run the script if you insert the ethernet cable while laptop is on.

I love the way Eric has it work.....

EDIT****** WAIT!!!!!

I don't think that will work there......

ERIC!!! Ideas?

Last edited by cwwilson721; 06-02-2006 at 06:17 PM.
 
Old 06-03-2006, 02:30 PM   #4
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,515

Original Poster
Rep: Reputation: 62
thanks gilead that makes sense, i'm going to give that a shot.

that seems like a nice fix for the moment.

however, long term I'd like to have the sharing off completely on the wireless adapter.

reason being, a hacker sitting accross from you at a wifi hot spot ping you on share ports get's a deny reply and not an empty gap. now he knows port on said ip is replying and then goe's from there.

plus, i'd like to have less stuff running on this old laptop

thanks.

Last edited by Old_Fogie; 06-10-2006 at 04:28 PM.
 
Old 06-03-2006, 04:59 PM   #5
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,123

Rep: Reputation: 151Reputation: 151
I might be misunderstanding what you want to achieve, but you can specify interfaces by name instead of by IP address in the smb.conf file. For example:
Code:
interfaces = eth0 lo
bind interfaces only = yes
 
Old 06-03-2006, 05:40 PM   #6
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 5,189

Rep: Reputation: Disabled
Gilead's comment on enabling Samba to listen only on non-wireless interfaces:
Quote:
interfaces = eth0 lo
bind interfaces only = yes
as well as limiting access to hosts within the wired IP range:
Quote:
hosts allow = 192.168.220.
can be combined to give you double safety.

But also consider running a firewall on the wireless interface that just disables access to the samba ports (or better, denies incoming traffic to all ports except possibly ssh).

NOTE cwwilson721, that ifplugd.sh script contained a bug and a more recent version is available for download...

Eric
 
Old 06-03-2006, 07:35 PM   #7
cwwilson721
Senior Member
 
Registered: Dec 2004
Location: In my house.
Distribution: Ubuntu 10.10 64bit, Slackware 13.1 64-bit
Posts: 2,649
Blog Entries: 1

Rep: Reputation: 65
Quote:
Originally Posted by Alien Bob
NOTE cwwilson721, that ifplugd.sh script contained a bug and a more recent version is available for download...

Eric
Thanks. Already got it. Works PERFECT.
 
Old 06-03-2006, 09:00 PM   #8
Old_Fogie
Senior Member
 
Registered: Mar 2006
Distribution: SLACKWARE 4TW! =D
Posts: 1,515

Original Poster
Rep: Reputation: 62
Awesome guys, thank you.

I'm trying to use good habits you know.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't connect if wired & wireless both installed nelamvr6 Linux - Wireless Networking 3 11-17-2005 08:25 PM
samba w/printer & file sharing ? westverg Linux - Networking 8 05-12-2005 10:42 PM
Wireless Laptop to Wired ethernet via Linux PC (wired/wireless) sambartle Linux - Wireless Networking 0 01-30-2005 04:37 AM
wired & wireless different subnets rickenbacherus Linux - Wireless Networking 2 11-10-2004 06:45 AM
Wired and Wireless file transfer ksalopek Linux - Wireless Networking 0 02-06-2004 02:48 PM


All times are GMT -5. The time now is 09:21 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration