> This is not politics. It is practicality. You are using a fairly large
> suite of programs to do a fairly small job. samba is 6254K installed,
> lprng is 3580K installed, lpr is 348K installed. The biggest, most
> complex program that does the most things is also likely to be the most
> security problematic. lprng is one hell of a lot bigger and cruftier than
> I would like, but has made a real effort at security.

I don't actually need samba for printing; it's being used (for printing) because I can, but Win2000 can print with IPP, thus directly to cups. The problem is that I also use some filesystem exports. But I guess that if I *MUST* I'll drop samba, but I'd rather not lose that functionality.

>
> > I asked if it was possible to hear broadcast packages without binding to
> > 0.0.0.0 (all interfaces) but to 192.168.1.0 instead. Anyone know?
>
> See:
> http://www.linuxdoc.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap29sec284.html
>
> Look at :
> bind interfaces only = True
>
> The option bind interfaces only if set to True, allows you to
> limit what interfaces will serve smb requests. This is a security
> feature. The configuration option interfaces = eth0 192.168.1.1
> below completes this option.
>
> interfaces = eth0 192.168.1.1
>
> The option interfaces allows you to override the default network
> interface list that Samba will use for browsing, name registration
> and other NBT traffic. By default, Samba will query the kernel for
> the list of all active interfaces and use any interface, except
> 127.0.0.1, that is broadcast capable. With this option, Samba will
> only listen on interface eth0 on the IP address 192.168.1.1. This
> is a security feature, and completes the above configuration option
> bind interfaces only = True.
>
> So, it would appear so.

That alone produces a config where samba listens on 0.0.0.0:137-138. I reported that as a bug and got an answer that to listen to broadcasts you actually had to bind like that. I find that odd since every interface has a broadcast address. Any guru out there care to enlighten me?
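A check for the situation described in the message above (listeners on 0.0.0.0:137-138 despite "bind interfaces only"), added here as an example and not part of the original message: it classifies UDP 137/138 listeners in netstat -uln style output against the intended interface. The sample listing is constructed, and the /24 netmask and the function names are assumptions.

```python
import ipaddress

# Constructed sample in `netstat -uln` column order (not captured from a real host):
# proto, recv-q, send-q, local address, foreign address
SAMPLE = """\
udp 0 0 192.168.1.1:137 0.0.0.0:*
udp 0 0 192.168.1.255:137 0.0.0.0:*
udp 0 0 0.0.0.0:137 0.0.0.0:*
udp 0 0 192.168.1.1:138 0.0.0.0:*
udp 0 0 0.0.0.0:138 0.0.0.0:*
udp 0 0 0.0.0.0:631 0.0.0.0:*
"""

NETBIOS_UDP = {137, 138}  # NetBIOS name service and datagram service


def audit(listing, iface_cidr):
    """Return (port, address, kind) for every UDP 137/138 listener."""
    iface = ipaddress.ip_interface(iface_cidr)  # e.g. 192.168.1.1/24 (assumed mask)
    findings = []
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith("udp"):
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in NETBIOS_UDP:
            continue
        # Some tools print the wildcard as "*" or bracket IPv6 addresses.
        host = host.strip("[]")
        addr = ipaddress.ip_address("0.0.0.0" if host == "*" else host)
        if addr.is_unspecified:
            kind = "wildcard"      # reachable via every interface
        elif addr == iface.ip:
            kind = "interface"     # the address named in `interfaces =`
        elif addr == iface.network.broadcast_address:
            kind = "broadcast"     # that subnet's broadcast address
        else:
            kind = "unexpected"    # bound somewhere the config did not name
        findings.append((int(port), str(addr), kind))
    return findings


def wildcard_ports(findings):
    """Ports that still have a listener on the all-addresses socket."""
    return sorted({port for port, _, kind in findings if kind == "wildcard"})


if __name__ == "__main__":
    for finding in audit(SAMPLE, "192.168.1.1/24"):
        print(finding)
```

The smb.conf manual page says that nmbd also binds to 0.0.0.0 on ports 137 and 138 in order to read broadcasts, and that with bind interfaces only set it discards packets arriving there that do not match the listed interfaces. A wildcard finding on those ports is therefore a reason to filter them at the packet filter on untrusted interfaces rather than proof that the option was ignored.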

