Hi there,

We have Samba 2.07 running wonderfully on SuSE Linux in an internal network of Windows crap everywhere (98/NT/2000/ME/...). However, to protect ourselves from the outside world, I only allow connections from an internal range of Class C addresses (192.168...) on an internal ethernet card. Nothing else is permitted.

However, to manage the site it would be nice to be able to use SWAT from the Internet and connect to an external ethernet interface on port 901 and ONLY allow transactions to port 901 and not 137/138/139 on that ethernet card.

Is there a way WITHOUT using IPCHAINS and WITHOUT enabling smb ethernet access on the external ethernet card?

Bruce wrote:

> Hi there,
> We have Samba 2.07 running wonderfully on SuSE Linux in an internal network of
> Windows crap everywhere (98/NT/2000/ME/...). However, to protect ourselves
> from the outside world, I only allow connections from an internal range
> of Class C addresses (192.168...) on an internal ethernet card. Nothing
> else is permitted.
>
> However, to manage the site it would be nice to be able to use SWAT from the
> Internet and connect to an external ethernet interface on port 901 and ONLY
> allow transactions to port 901 and not 137/138/139 on that ethernet card.
>
> Is there a way WITHOUT using IPCHAINS and WITHOUT enabling smb ethernet access
> on the external ethernet card?

Yes, configure your firewall. You DO have a firewall between all that netbios nonsense and the internet, don't you?

Thanks Martin,

Yes, we have a heavy duty block on anything 137/138/139 amongst others. We average 7500 attempted "hackhits" per week. That's why I asked the question.

Regards,
Bruce.

> Bruce wrote:
>
>> Hi there,
>> We have Samba 2.07 running wonderfully on SuSE Linux in an internal network of
>> Windows crap everywhere (98/NT/2000/ME/...). However, to protect ourselves
>> from the outside world, I only allow connections from an internal range
>> of Class C addresses (192.168...) on an internal ethernet card. Nothing
>> else is permitted.
>>
>> However, to manage the site it would be nice to be able to use SWAT from the
>> Internet and connect to an external ethernet interface on port 901 and ONLY
>> allow transactions to port 901 and not 137/138/139 on that ethernet card.
>>
>> Is there a way WITHOUT using IPCHAINS and WITHOUT enabling smb ethernet access
>> on the external ethernet card?
>
> Yes, configure your firewall. You DO have a firewall between all that
> netbios nonsense and the internet, don't you?