Date: Wed, 03 Jul 2002 20:40:33 +0200
From: Marc Perisa <perisa@porsche.de>
To: adaml@visimation.com
Cc: Danny Horne <danny@clifftop.net>, 'freebsd-questions' <freebsd-questions@FreeBSD.ORG>
Subject: Re: Samba on firewall - any issues?
Message-ID: <3D234521.8000907@porsche.de>
References: <AAECJADGHMJFJLKCHNJDKEDPEBAA.danny@clifftop.net>

Danny Horne wrote:

>>-----Original Message-----
>>From: owner-freebsd-questions@FreeBSD.ORG
>>[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Adam Lofstedt
>>Sent: Wednesday 3 July 2002 5:40 pm
>>To: 'freebsd-questions'
>>Subject: Samba on firewall - any issues?
>>
>>I want to install Samba on BSD box to get the two systems talking. But,
>>before I do something stupid, is there anything I need to know about
>>putting Samba on a machine that acts as a firewall? I only want file
>>sharing access on internal interface. Are there any security concerns
>>in this type of situation?
>>
>I'm in no way an expert but you'd want to make sure Samba is only listening
>on the internal interface, in the [global] section of smb.conf you'll need
>something like -
>interfaces = ??? (insert interface name here)
>---
>Outgoing mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.373 / Virus Database: 208 - Release Date: 01/07/2002
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-questions" in the body of the message
>

You may also choose to change your ruleset accordingly.

The problem is: if there ever is a bug in samba which allows remote shells, you can get rooted. If your colleagues know them before you, that will be a problem. If you change the ipfilter rules and/or the address samba is listening on, perhaps samba will be available to the outside ...

If you HAVE TO do it.

First of all: a firewall is a machine which is used to monitor/regulate the traffic and authorize it. For that, only "trusted" persons should have an account on it. It should not be exploitable - making it useless. Because of that, normally NOTHING runs on a firewall other than firewalling.

If you have the chance to build a DMZ and put the FTP/Samba server in it - do it. But not ON the firewall.

Hope that helps

Marc
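
Added example, not part of the original thread: an smb.conf [global] fragment showing the interface restriction discussed above, with the setting that is weak on its own beside the corrected form. The interface name fxp1 and the subnet 192.168.1.0/24 are assumptions standing in for the internal side of the firewall.

```ini
[global]
    # Weak on its own (shown commented out): listing the internal
    # interface does not stop smbd from accepting connections on every
    # address of the machine, the external one included.
    ;interfaces = fxp1

    # Corrected: name the internal interface (fxp1 is an assumed name)
    # and make Samba bind only to what is listed. The loopback address
    # is included because smbpasswd talks to smbd over 127.0.0.1.
    interfaces = fxp1 127.0.0.1
    bind interfaces only = yes

    # Second layer inside Samba itself: refuse any client that is not
    # on the internal subnet (192.168.1. is an assumed prefix), so a
    # later change to the interface list or to the ipfilter ruleset
    # does not by itself expose the shares.
    hosts allow = 192.168.1. 127.
    hosts deny = 0.0.0.0/0
```

After restarting Samba, `netstat -an` should show port 139 bound to the internal address and 127.0.0.1 rather than to `*.139`. The packet filter should still drop NetBIOS traffic arriving on the external interface, since the smb.conf settings only cover the case where Samba's own configuration stays intact.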