On Fri, 2003-07-18 at 10:17, Cory Petkovsek wrote: > Without another firewall, the server itself should be the firewall by > compiling in netfilter. Netfilter should be here in order to block > ports that are not allowed open, even if the daemon needs to be running.
Good point. Alternatively, you may simply use IP tables to do this. > Accessing a samba share across the internet is not secure. Since you > mention it may not be behind a firewall, this means samba is available > to the internet. [snip] I am sorry, but this is not correct. The clients accessing the share through IMAP. I have a server like this running that allows only IMAP, SMTP, and HTTP through. Everything happens through port 143. For added security, install a second NIC pointing to the Intranet and route the SMB traffic. Also please note that all communications are handled via Secure Socket Layer (SSL). [snip] > > If you want remote clients to access samba remotely then freeswan For full blown access, VPN is unquestionably the best way to go. For small and medium sized business travelers who need to be nimble and for employees who want a convenient way to access documents from home, I recommend this approach. > This is true, relying on imap/ssl could provide secure remote access > without a vpn, however only with imap minus ssl disabled Right. I simply will configure "plain text" communication for my customers. It's a simple thing to just check the SSL box during the client's setup. Best, -- -------------------------------------------------------------- | Cooper Stevenson | Em: [EMAIL PROTECTED] | | Open Source Consultant | Ph: 541.924.9434 | -------------------------------------------------------------- _______________________________________________ EuG-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug