Mailinglist Archive: opensuse-security (606 mails)
| < Previous | Next > |
Re: [suse-security] Re: samba on firewall
- From: Gerhard Sittig <Gerhard.Sittig@xxxxxxx>
- Date: Tue, 17 Apr 2001 18:33:47 +0200
- Message-id: <20010417183347.N20830@xxxxxxxxxxxxx>
On Tue, Apr 17, 2001 at 13:00 +0200, Markus Gaugusch wrote:
>
> you can configure samba to listen only on the internal
> interface.
Oh? How so?
Not to sound too stupid: I'm well aware of the "interfaces" and
"bind interfaces only" settings in /etc/smb.conf. But in my
experience Samba doesn't care about the administrator's wishes in
this very respect. By no means could I get it to stop listenling
on "*". And yes, I'm sick of Samba needing "localhost" and
"127.0.0.1" for no valid / plausible(id?) reasons. There's too
much of implicit thinking in the design and concept, sold as
"features" for the administrators "simply expecting the software
to run without any further and most of all consistent
configuration" ...
BTW: no, I wouldn't run Samba on a router / filtering machine
nor would I try to do Samba with external partners without some
tunnel. So I don't want to support the original question. :)
Instead I would suggest a different mechanism. Unless this is
some internal router between in house departments, but why would
it filter at all when leaving wholes for Samba?
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@xxxxxxx
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
>
> you can configure samba to listen only on the internal
> interface.
Oh? How so?
Not to sound too stupid: I'm well aware of the "interfaces" and
"bind interfaces only" settings in /etc/smb.conf. But in my
experience Samba doesn't care about the administrator's wishes in
this very respect. By no means could I get it to stop listenling
on "*". And yes, I'm sick of Samba needing "localhost" and
"127.0.0.1" for no valid / plausible(id?) reasons. There's too
much of implicit thinking in the design and concept, sold as
"features" for the administrators "simply expecting the software
to run without any further and most of all consistent
configuration" ...
BTW: no, I wouldn't run Samba on a router / filtering machine
nor would I try to do Samba with external partners without some
tunnel. So I don't want to support the original question. :)
Instead I would suggest a different mechanism. Unless this is
some internal router between in house departments, but why would
it filter at all when leaving wholes for Samba?
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@xxxxxxx
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
| < Previous | Next > |