On Mon, 2 Sep 2002, Jeffrey Forman wrote: > robert's recommendation sounds like the best way. i can make samba listen on > the public interface (the internet with the static ip) and just mount the > shares via that way. but: is this secure? is there some way of wrapping it > through ssh? (i've heard this concept used a lot, but never actually used it > in practice. links to url's would be greatly appreciated.) i know i could > then restrict ip access to those ports with iptables. if samba isnt the way > to go, any other suggestions?
I don't think you can tunnel the UDP portion of SMB, so you'll be able to see directory listings but no files (I've tried this... \\localhost brings up the remote shares, but you can't actually transfer anything). You can build Samba with OpenSSL support if I'm not mistaken, but not sure how Windows handles it. Never had any security problems myself, but could easily have had my passwords ripped off if someone wanted them. If you're using the UT public port authentication deal, you'll usually receive the same IP address if you frequent the same locations around campus on a regular basis... could use iptables to allow tcp 138 and 139 from a small set of IPs you know you'll have. Samba's built-in "hosts allow" feature makes browsing very slow for all hosts, use iptables instead if you go that route. --rgiles _______________________________________________ Siglinux mailing list [EMAIL PROTECTED] http://www.utacm.org/mailman/listinfo/siglinux
