Date: Sat, 11 Dec 1999 17:24:58 -0500 (EST) From: "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com> To: tforrest@mcs.net (Tommy Forrest - KE4PYM) Cc: freebsd-questions@FreeBSD.ORG (freebsd-questions@freebsd.org) Subject: Re: Samba Message-ID: <199912112224.RAA69260@cc942873-a.ewndsr1.nj.home.com> In-Reply-To: <199912112127.PAA97170@Mailbox.mcs.net> from Tommy Forrest - KE4PYM at "Dec 11, 1999 04:27:08 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Tommy Forrest - KE4PYM wrote,
> Is it possible to have Samba only bind to one interface and not the
> other?
RTFM, smb.conf(5)
bind interfaces only (G)
This global parameter allows the Samba admin to
limit what interfaces on a machine will serve smb
requests. If affects file service smbd and name
service nmbd in slightly different ways.
For name service it causes nmbd to bind to ports
137 and 138 on the interfaces listed in the 'inter-
faces' parameter. nmbd also binds to the 'all
addresses' interface (0.0.0.0) on ports 137 and 138
for the purposes of reading broadcast messages. If
this option is not set then nmbd will service name
requests on all of these sockets. If "bind inter-
faces only" is set then nmbd will check the source
address of any packets coming in on the broadcast
sockets and discard any that don't match the broad-
cast addresses of the interfaces in the 'inter-
faces' parameter list. As unicast packets are
received on the other sockets it allows nmbd to
refuse to serve names to machines that send packets
that arrive through any interfaces not listed in
the "interfaces" list. IP Source address spoofing
does defeat this simple check, however so it must
not be used seriously as a security feature for
nmbd.
For file service it causes smbd to bind only to the
interface list given in the 'interfaces' parameter.
This restricts the networks that smbd will serve to
packets coming in those interfaces. Note that you
should not use this parameter for machines that are
serving PPP or other intermittent or non-broadcast
network interfaces as it will not cope with non-
permanent interfaces.
If "bind interfaces only" is set then unless the
network address 127.0.0.1 is added to the 'inter-
faces' parameter list smbpasswd and swat may not
work as expected due to the reasons covered below.
To change a users SMB password, the smbpasswd by
default connects to the "localhost" - 127.0.0.1
address as an SMB client to issue the password
change request. If "bind interfaces only" is set
then unless the network address 127.0.0.1 is added
to the 'interfaces' parameter list then smbpasswd
will fail to connect in it's default mode. smb-
passwd can be forced to use the primary IP inter-
face of the local host by using its "-r remote
machine" parameter, with "remote machine" set to
the IP name of the primary interface of the local
host.
The swat status page tries to connect with smbd and
nmbd at the address 127.0.0.1 to determine if they
are running. Not adding 127.0.0.1 will cause smbd
and nmbd to always show "not running" even if they
really are. This can prevent swat from start-
ing/stopping/restarting smbd and nmbd.
Default: bind interfaces only = False
Example: bind interfaces only = True
interfaces (G)
This option allows you to setup multiple network
interfaces, so that Samba can properly handle
browsing on all interfaces.
The option takes a list of ip/netmask pairs. The
netmask may either be a bitmask, or a bitlength.
For example, the following line:
interfaces = 192.168.2.10/24 192.168.3.10/24
would configure two network interfaces with IP
addresses 192.168.2.10 and 192.168.3.10. The net-
masks of both interfaces would be set to
255.255.255.0.
You could produce an equivalent result by using:
interfaces = 192.168.2.10/255.255.255.0
192.168.3.10/255.255.255.0
if you prefer that format.
If this option is not set then Samba will attempt
to find a primary interface, but won't attempt to
configure more than one interface.
See also "bind interfaces only".
--
Crist J. Clark cjclark@home.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199912112224.RAA69260>