On 5/11/12 11:10 AM, Lew Wolfgang wrote:
On 11/04/2012 04:01 AM, Otto Rodusek wrote:
Hi ListMates,
Would anyone know if it's possible to create firewall rules to allow only certain IP addresses to enter my Linux server (openSUSE 12.2 x86_64) running samba (3.6.7-48.12.1.x86_64) from outside so that I can map samba shares from remote locations (Windows XP)? For example, I would like to ONLY allow IP address 94.90.115.82 (ports tcp 139 & 445) and drop all other IP addresses trying to access those ports. Actually, I have 3 remote locations so there would actually be 3 different IP addresses to define. Thanks for any help. Best regards.
Hi Otto,
Being "able" to do this is one thing, but the question "should" you do it is another. Microsoft networking (SMB) was designed for use on local subnets, and barely worked there. I've heard that SMB doesn't do well with long round-trip packet times; maybe other protocols like WebDAV might be a better choice?
Security is another potential problem. Limiting access to specified IP addresses would certainly help, but AFAIK the traffic itself isn't encrypted. Setting up a VPN, which does encrypt traffic, would be a much safer choice.
Regards, Lew
Hi Lew,
Yep, I have already considered all the above. Right now I have a situation where I have a user (A) that has an HP-MSR900 router with a 20Mbps synchronous (both upload/download) connection with fixed IP address (1 Linux openSUSE 12.2 server and 8 Windows XP users), and 2 remote users (B - 1 Windows XP user) & (C - 1 Windows 7 user), both of which have a Cisco 881 router with a 10Mbps synchronous connection and also fixed IP addresses.
I need to connect to a common database used by all users (A, B & C) on the Linux system using a Samba share, and I need to check the relative performance, so I want to set up a very simple method to perform this test. Once completed and satisfied, I definitely plan to get a VPN in place (B --> A & C --> A) and connect the samba share as if "locally" connected.
The reason I don't do this now is I've little expertise in setting up the Cisco routers (the CISCO GUI sucks big time and is completely unusable to set up the VPN and as such requires CISCO IOS CLI expertise to set up and hence a cost involved to get that done and until I'm satisfied of performance I don't want to waste my customer's $$$$). I definitely want to implement a "hardware" VPN solution via the router software, versus using - say pptpd on openSUSE - as I want as little as possible user interaction.
Again, I'd like to thank you for your comments and suggestions (which I do hope to eventually implement).
Otto.
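The source-address allowlist asked about at the top of the thread, as an added example that is not part of the original messages: a script that validates each address and prints the iptables commands for review instead of applying them. The chain name SMB_ALLOW and the two RFC 5737 addresses in the usage comment are assumptions made here; it also assumes plain iptables is in use and no firewall front end rewrites the rule set afterwards.

```shell
#!/bin/sh
# Added example: build an iptables allowlist for Samba's TCP ports.
# Usage (second and third addresses are constructed placeholders):
#   smb_allowlist_rules 94.90.115.82 192.0.2.10 198.51.100.20
# Review the output, then pipe it to `sh` as root to apply it.

SMB_PORTS="139,445"     # the TCP ports named in the question
SMB_CHAIN="SMB_ALLOW"   # hypothetical chain name chosen for this example

# Return 0 only if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1               # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set: one ACCEPT per allowed source, then a final DROP.
# Refuses to print anything if the list is empty or any address is bad,
# so a typo cannot produce a chain that drops every SMB client.
smb_allowlist_rules() {
    [ "$#" -ge 1 ] || { echo "no addresses given" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid address: $ip" >&2; return 1; }
    done
    echo "iptables -N $SMB_CHAIN"
    for ip in "$@"; do
        echo "iptables -A $SMB_CHAIN -s $ip/32 -j ACCEPT"
    done
    echo "iptables -A $SMB_CHAIN -j DROP"
    # The jump from INPUT comes last, so traffic is only diverted into
    # the chain once it is fully populated.
    echo "iptables -I INPUT -p tcp -m multiport --dports $SMB_PORTS -j $SMB_CHAIN"
}
```

This restricts who can reach ports 139 and 445; it does not encrypt the SMB traffic, which is the point raised in the reply about using a VPN.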