How do I Enable Samba & NFS File Sharing Scriptsd for wired, but Disabled 4 wireless
Hi all,
Just wondering if anyone has a nice way of attacking this. So when I'm wireless I have a different IP address and gateway then what the wired home lan has. But in theory if I'm on wirelessly and file sharing is on, someone can hack my laptop and I don't want that. Hence the reason I want file sharing off when I'm wireless. Now, I normally run the laptop wireless with madwifi-pcmcia going thru hotplug. So I want file sharing off completely when I'm wireless. When I want to hook up to my home lan, I physically pull out my wireless card, and I run the wired pcmcia NIC. So on the wired NIC I want file sharing on. Is there anyway to do this without manually keying in the start/stop commands. Can hotplug be tweaked to do this in some way shape or form? Any ideas greatly appreciated. edited for clarity. |
Since your wireless IP address is different to your wired IP address, you may be able to do this with Samba's config. It supports 'hosts allow', 'hosts deny' and 'interfaces' directives that can be used to restrict who can connect. Just allow your wired IP and deny the others.
There's more info at http://us1.samba.org/samba/docs/using_samba/ch06.html, but the following may help: Code:
Let's assume that our Samba server can access both the subnets 192.168.220.* and |
Remember those scripts I told you about from Eric for running the ethernet cable/wireless?
http://www.slackware.com/~alien/rc_scripts/ Edit /etc/rc.d/ifcfg/ifplugd.sh as such: Code:
INTERFACE=$1 I love the way Eric has it work..... EDIT****** WAIT!!!!! I don't think that will work there...... ERIC!!! Ideas? |
thanks gilead that makes sense, i'm going to give that a shot.
that seems like a nice fix for the moment. however, long term I'd like to have the sharing off completely on the wireless adapter. reason being, a hacker sitting accross from you at a wifi hot spot ping you on share ports get's a deny reply and not an empty gap. now he knows port on said ip is replying and then goe's from there. plus, i'd like to have less stuff running on this old laptop :D thanks. |
I might be misunderstanding what you want to achieve, but you can specify interfaces by name instead of by IP address in the smb.conf file. For example:
Code:
interfaces = eth0 lo |
Gilead's comment on enabling Samba to listen only on non-wireless interfaces:
Quote:
Quote:
But also consider running a firewall on the wireless interface that just disables access to the samba ports (or better, denies incoming traffic to all ports except possibly ssh). NOTE cwwilson721, that ifplugd.sh script contained a bug and a more recent version is available for download... Eric |
Quote:
|
Awesome guys, thank you.
I'm trying to use good habits you know. |
All times are GMT -5. The time now is 09:10 AM. |