im not quite clear on this,...im running redhat 6.2,..my box has two NICS,...eth0 is my public ip and eth1 is private ip (10.0.0.1) I want samba to bind nmbd and smbd daemons to 10.0.0.1 not my public ip, for security....basically I want to run samba on my lan,..but not have the samba daemons bind to my public ip....so when u run nmap on my public ip, u don't see ports 139 and 138 open. Heres what I have now [global] workgroup = STUDIO54 encrypt passwords = yes #Networking configuration options hosts allow = 24.42.100.236 localhost interfaces = 10.0.0.1/8 bind interfaces only = yes ip 24.42.100.236 is my winNT 4.0 server this is not working,..is there something I'm leaving out?? -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 1768 bytes Desc: not available Url : http://lists.samba.org/archive/samba/attachments/20001109/b96a8d8c/winmail.bin
On Thu, 9 Nov 2000, digitalconscious.com wrote:> I want samba to bind nmbd and smbd daemons to 10.0.0.1 not my public ip, for > security....basically I want to run samba on my lan,..but not have the samba > daemons bind to my public ip....so when u run nmap on my public ip, u don't > see ports 139 and 138 open. >A quick and simple way is to block all traffic going to ports 139 and 138 on eth0 using ipchains: /sbin/ipchains -A input -p tcp -i eth0 -s 0.0.0.0/0 -d <your public ip> \ 137:139 -j REJECT /sbin/ipchains -A input -p udp -i eth0 -s 0.0.0.0/0 -d <your public ip> \ 137:139 -j REJECT Hope that helps, dave
Can you ping your NT server from your Linux box? As far as I can see this cannot work because your NT server is on 24.0.0.0/8 and your Linux is on 10.0.0.0/8 and these are different nets. You will have to configure your eth1 to address 24.x.x.x and say "interfaces = 24.0.0.0/8". Tobias digitalconscious.com wrote:> im not quite clear on this,...im running redhat 6.2,..my box has two > NICS,...eth0 is my public ip and eth1 is private ip (10.0.0.1) > > I want samba to bind nmbd and smbd daemons to 10.0.0.1 not my public ip, for > security....basically I want to run samba on my lan,..but not have the samba > daemons bind to my public ip....so when u run nmap on my public ip, u don't > see ports 139 and 138 open. > > Heres what I have now > > [global] > workgroup = STUDIO54 > encrypt passwords = yes > > > #Networking configuration options > hosts allow = 24.42.100.236 localhost > interfaces = 10.0.0.1/8 > bind interfaces only = yes > > > ip 24.42.100.236 is my winNT 4.0 server > > this is not working,..is there something I'm leaving out??