-----BEGIN PGP SIGNED MESSAGE----- On Thu, 18 Oct 2001, Pedro Corte-Real wrote:
> > > I asked if it was possible to hear broadcast packages without binding to > > > 0.0.0.0 (all interfaces) but to 192.168.1.0 instead. Anyone know? > That alone produces a config where samba listens on 0.0.0.0:137-138. > I reported that as a bug and got an awnser that to listen to broadcasts you > actualy had to bind like that. I find that odd since every interface has a > broadcast address. Any guru out there care to enlighten me? Not a guru, but I tried with Stevens, UNIX network Programming, Vol. 1, and I also used Google, and found the behaviour the system SHOULD show: http://samba.he.net/using_samba/ch04_06.html [snip] Finally, the bind interfaces only option instructs the nmbd process not to accept any broadcast messages other than those subnets specified with the interfaces option. Note that this is different from the hosts allow and hosts deny options, which prevent machines from making connections to services, but not from receiving broadcast messages. Using the bind interfaces only option is a way to shut out even datagrams from foreign subnets from being received by the Samba server. In addition, it instructs the smbd process to bind to only the interface list given by the interfaces option. This restricts the networks that Samba will serve. [snip] However, I think that such options in the daemon are not an appropriate security measure. You might want to set up strict firewall rules to prevent any outsider from connecting to your SAMBA machine. Running SAMBA on the same machine as your Firewall is *evil*, but I admit that many small businesses with one-box-for-everything will use such a setup... regards Alex - -- People often think of research as a form of development -- that it's about doing exactly what you planned, doing it on time, and doing it with resources that you said you'd use. But if you're going to do that, you have to know what you are doing, and if you know what you are doing, it isn't really research." --Dave Liddle, The New Yorker, Feb. 23/Mar.2, 1998, p84 -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQCVAwUBO9BNaGWTYnZjEXP1AQFuZgP+Pd3WWMVzB4IlhGVH3w4w3Zp8idC/+kZY 6Vkmqpr9OUHy0b7lPu5Osv8pJRKcdPoMYgbcUIei/P7jeFwCeoGO4oqwGS6tNm3D CGY3JHcG9xLW2GTr2js6DrJONSVCqANSlO+5gsnab13HoX40cwlHB9DGTU2RAROC GEUSuns8qMY= =iCD9 -----END PGP SIGNATURE-----
