Interesting Samba Question...
Dear all,

I have a small network running Samba 3.0.2 on SuSE 9.1 and everything is working just PERFECT!!!! I am so proud to have Linux doing the most important job of all!!

Now I am faced with a very good problem. I have a sales' man who has a laptop and wants to be able to work over the internet (via high speed connections DSL etc) on the Samba server. The linux machine is running a firewall and no connections what-so-ever are allowed from the internet. LAN requests are forwarded to the internet via squid so I have everything under control.

At first I thought of entering in Samba the IP of his DSL connection so that only that IP would be allowed access from the outside - internet. Then again, I am too paranoid about security so I wanted to add a layer of security on top of that.

Thought of SSL or something on those lines... Am too confused and too much of a rookie to take my chances.

He has a Laptop running Win-2000 and he wants to connect and map all drives of the Samba server over the internet. i.e. be able to work from anywhere practically in the world as if he is at the office. Internet services are not my concern at this point.

Can someone please help me on what to read?? Is there an online step-by-step guide that explains how one can do something like this using SSL? Digital certificates are always on my mind but I don't know how since I have never used the software that comes with linux for digital certificates etc ... Has anyone done anything like this before and could help me by sharing his experiences?

Any help would be deeply appreciated!!!

I thank you all in advance for your help!

Chris
On Mon, Aug 23, 2004 at 04:59:41PM +0300, Chris Roubekas wrote: [snip]
He has a Laptop running Win-2000 and he wants to connect and map all drives of the Samba server over the internet. i.e. be able to work from anywhere practically in the world as if he is at the office. Internet services are not my concern at this point.
Can someone please help me on what to read?? Is there an online step-by-step guide that explains how one can do something like this using SSL? Digital certificates are always on my mind but I don't know how since I have never used the software that comes with linux for digital certificates etc ... Has anyone done anything like this before and could help me by sharing his experiences?
You want to set up a VPN, so his laptop appears to be part of your LAN, even though it's not. The VPN handles the authentication and encryption, so you don't have to worry (any more) about that in Samba. Do some reading on VPNs and IPSec. Make sure the user is clued up on proper IT security, so that their laptop doesn't become a way to bypass your firewalling (e.g. user gets virus from open internet, then connects to your LAN, transferring it in). HTH...
--
David Smith Work Email: Dave.Smith@st.com STMicroelectronics Home Email: David.Smith@ds-electronics.co.uk Bristol, England GPG Key: 0xF13192F2
David wrote regarding 'Re: [SLE] Interesting Samba Question...' on Mon, Aug 23 at 09:12:
On Mon, Aug 23, 2004 at 04:59:41PM +0300, Chris Roubekas wrote: [snip]
He has a Laptop running Win-2000 and he wants to connect and map all drives of the Samba server over the internet. i.e. be able to work from anywhere practically in the world as if he is at the office. Internet services are not my concern at this point.
[...]
You want to set up a VPN, so his laptop appears to be part of your LAN, [...] Make sure the user is clued up on proper IT security, so that their laptop doesn't become a way to bypass your firewalling (e.g. user gets virus from open internet, then connects to your LAN, transferring it in).
Ideally, you want to firewall the VPN connections so that they're treated more like "kinda trusted but not really" rather than either "completely untrusted internet" or "trusted completely LAN". That's something to keep in mind when setting the VPN up... --Danny
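The "kinda trusted but not really" zone described above, as an added example that is not part of the original thread: a script that prints an iptables-restore ruleset letting VPN clients reach only the Samba server's SMB ports and logging everything else they try. The interface `tun0`, the VPN subnet `10.8.0.0/24`, the server address `192.168.1.10` and the chain name `VPNZONE` are constructed values, and the VPN is assumed to terminate on the Linux gateway that forwards into the LAN.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that places VPN clients in
# their own semi-trusted zone. All addresses and names here are constructed.

# vpn_zone_rules VPN_IF VPN_NET SAMBA_IP
#   VPN_IF   - tunnel interface created by the VPN daemon (assumed: tun0)
#   VPN_NET  - subnet handed out to VPN clients (assumed: 10.8.0.0/24)
#   SAMBA_IP - LAN address of the Samba server (assumed: 192.168.1.10)
vpn_zone_rules() {
    if [ "$#" -ne 3 ] || [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
        echo "usage: vpn_zone_rules VPN_IF VPN_NET SAMBA_IP" >&2
        return 1
    fi
    vpn_if=$1 vpn_net=$2 samba_ip=$3
    cat <<EOF
*filter
:VPNZONE - [0:0]
# Everything arriving from the tunnel is judged by the VPNZONE chain.
-A FORWARD -i $vpn_if -j VPNZONE
# Replies from the LAN back to an already-open VPN session.
-A FORWARD -o $vpn_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Tunnel traffic must carry a source address from the VPN pool.
-A VPNZONE ! -s $vpn_net -j DROP
-A VPNZONE -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The only new connections allowed: SMB (NetBIOS session + direct hosting).
-A VPNZONE -d $samba_ip -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -j ACCEPT
# Anything else from the laptop is recorded, then refused.
-A VPNZONE -j LOG --log-prefix "VPNZONE drop: "
-A VPNZONE -j DROP
COMMIT
EOF
}

# Print the ruleset for the constructed sample values.
vpn_zone_rules tun0 10.8.0.0/24 192.168.1.10
```

Review the printed rules, then load them once with `iptables-restore --noflush` so the gateway's existing firewall rules stay in place.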
http://www.novell.com/coolsolutions/ifmag/
I'd take a look at Novell's iFolder. Allows synchronization of files
between desktop and server. Why would you beat yourself trying to access
files across the Internet when you can just sync them locally all of the
time - allowing for constant backup of his laptop?
Jon Johnston
Creative Business Solutions
IBM, Microsoft Novell Consulting
http://www.cbsol.com
952-544-1108
Blog: http://bingo.cbsol.com
Danny Sauer
David wrote regarding 'Re: [SLE] Interesting Samba Question...' on Mon, Aug 23 at 09:12:
On Mon, Aug 23, 2004 at 04:59:41PM +0300, Chris Roubekas wrote: [snip]
He has a Laptop running Win-2000 and he wants to connect and map all drives of the Samba server over the internet. i.e. be able to work from anywhere practically in the world as if he is at the office. Internet services are not my concern at this point.
[...]
You want to set up a VPN, so his laptop appears to be part of your LAN, [...] Make sure the user is clued up on proper IT security, so that their laptop doesn't become a way to bypass your firewalling (e.g. user gets virus from open internet, then connects to your LAN, transferring it in).
Ideally, you want to firewall the VPN connections so that they're treated more like "kinda trusted but not really" rather than either "completely untrusted internet" or "trusted completely LAN". That's something to keep in mind when setting the VPN up...
--Danny
-- Check the headers for your unsubscription address For additional commands send e-mail to suse-linux-e-help@suse.com Also check the archives at http://lists.suse.com Please read the FAQs: suse-linux-e-faq@suse.com
On Monday 23 August 2004 15:59, Chris Roubekas wrote:
Now I am faced with a very good problem. I have a sales' man who has a laptop and wants to be able to work over the internet (via high speed connections DSL etc) on the Samba server. The linux machine is running a firewall and no connections what-so-ever are allowed from the internet. LAN requests are forwarded to the internet via squid so I have everything under control.
Does the Samba server handle your internet connection/firewall too, or is that a different box? I would use a separate box for that and put a vpn server on that. That way he could have access to all the services inside the lan without you having to make those services open on your gateway. -- Kind regards Hans du Plooy Newington Consulting Services hansdp at newingtoncs dot co dot za
Here's another option... On 2004/08/23, at 22:59, Chris Roubekas wrote: [snip]
He has a Laptop running Win-2000 and he wants to connect and map all drives of the Samba server over the internet. i.e. be able to work from anywhere practically in the world as if he is at the office. Internet services are not my concern at this point.
[/snip]
Try this combination.
Inside the LAN: Samba
Outside the LAN: Apache+WebDAV+SSL
And there's a (commercial) software called WebDrive that'll make his life easier connecting from his laptop.
--
- E -
Chris Roubekas wrote:
Dear all,
I have a small network running Samba 3.0.2 on SuSE 9.1 and everything is working just PERFECT!!!! I am so proud to have Linux doing the most important job of all!!
Now I am faced with a very good problem. I have a sales' man who has a laptop and wants to be able to work over the internet (via high speed connections DSL etc) on the Samba server. The linux machine is running a firewall and no connections what-so-ever are allowed from the internet. LAN requests are forwarded to the internet via squid so I have everything under control.
If no connections from the internet are allowed, how do you plan to use ssh? If you can get permission, you might want to look at a VPN.
Look at poptop VPN it should be on your CDs or is easy to install. You will
have to open port 1723 to allow the vpn to work, but with the PAP or CHAP
authentication, there is really no big issue there.
--
David C. Rankin, J.D., P.E.
RANKIN * BERTIN, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankin-bertin.com
--
----- Original Message -----
From: "James Knott"
Chris Roubekas wrote:
Dear all,
I have a small network running Samba 3.0.2 on SuSE 9.1 and everything is working just PERFECT!!!! I am so proud to have Linux doing the most important job of all!!
Now I am faced with a very good problem. I have a sales' man who has a laptop and wants to be able to work over the internet (via high speed connections DSL etc) on the Samba server. The linux machine is running a firewall and no connections what-so-ever are allowed from the internet. LAN requests are forwarded to the internet via squid so I have everything under control.
If no connections from the internet are allowed, how do you plan to use ssh? If you can get permission, you might want to look at a VPN.
David Rankin wrote:
Look at poptop VPN it should be on your CDs or is easy to install. You will have to open port 1723 to allow the vpn to work, but with the PAP or CHAP authentication, there is really no big issue there.
I use OpenVPN. It works fine.
On Monday 23 August 2004 01:00 pm, James Knott wrote:
David Rankin wrote:
Look at poptop VPN it should be on your CDs or is easy to install. You will have to open port 1723 to allow the vpn to work, but with the PAP or CHAP authentication, there is really no big issue there.
I use OpenVPN. It works fine.
And it's WAY easier to set up than other ipsec solutions. Highly recommended.
--
_____________________________________
John Andersen
Personally, I would avoid giving the user remote access to the network unless he really knew what he is doing and you really really trust him. Instead, I would allow him to control his office PC remotely. If you've got Windows XP Pro on the PC, he can work on the PC as if he was there via RDP. If not, you can use VNC. In either case, allowing him only to use his office PC remotely removes most of the security concerns from opening up your network.
Jerry
P.S. I personally work remote this way, so I know it's possible 8-)
On Mon, 2004-08-23 at 15:59, Chris Roubekas wrote:
Dear all,
I have a small network running Samba 3.0.2 on SuSE 9.1 and everything is working just PERFECT!!!! I am so proud to have Linux doing the most important job of all!!
Now I am faced with a very good problem. I have a sales' man who has a laptop and wants to be able to work over the internet (via high speed connections DSL etc) on the Samba server. The linux machine is running a firewall and no connections what-so-ever are allowed from the internet. LAN requests are forwarded to the internet via squid so I have everything under control.
At first I thought of entering in Samba the IP of his DSL connection so that only that IP would be allowed access from the outside - internet. Then again, I am too paranoid about security so I wanted to add a layer of security on top of that.
Thought of SSL or something on those lines... Am too confused and too much of a rookie to take my chances.
He has a Laptop running Win-2000 and he wants to connect and map all drives of the Samba server over the internet. i.e. be able to work from anywhere practically in the world as if he is at the office. Internet services are not my concern at this point.
Can someone please help me on what to read?? Is there an online step-by-step guide that explains how one can do something like this using SSL? Digital certificates are always on my mind but I don't know how since I have never used the software that comes with linux for digital certificates etc ... Has anyone done anything like this before and could help me by sharing his experiences?
Any help would be deeply appreciated!!!
I thank you all in advance for your help!
Chris
participants (10)
- Edwin -
Chris Roubekas
Danny Sauer
David Rankin
David SMITH
Hans du Plooy
James Knott
Jerome R. Westrick
John Andersen
jonlists