Date:      Tue, 27 Nov 2001 03:17:57 +0100
From:      Walter Hop <walter@binity.com>
To:        FreeBSD ISP <freebsd-isp@freebsd.org>
Subject:   Firewalling a CIFS fileserver from the evil world.
Message-ID:  <11525977353.20011127031757@binity.com>

Hi all,

I've been trying to firewall some Samba fileservers off from a LAN while
retaining (only) CIFS traffic. As I have found some old hardware that can
function as a small-time gateway, I'd like to put the fileservers on a
separate Ethernet.

.--------.
| samba1 |-----.
`--------'     |                 .---[ windows workstation ]
   .--------.  |   .---------.   +-- [ windows workstation ]
   | samba2 |--+---| gateway |---+-  [ windows workstation ]
   `--------'      `---------'   +-- .....
                                 |
                              .------.
                              | adsl |--/.
                              `------'

(The samba* and gateway are FreeBSD boxes)
                                 
I would like the Samba fileservers to be only reachable via the CIFS
protocol (they should be able to query other boxes too) and deny any
other traffic, and I wonder what ipfw rules I could inject into the
gateway so the samba servers have some sense of "physical" security.

Is there anybody who has an ipfw-ruleset that allows (nothing but) CIFS
traffic, or can point me in the direction of a good description of the
CIFS protocol so I can make a better attempt? I guess it has been done
before, but could not find anything useful on the web...

Thanks in advance!
w.

-- 
 Walter Hop <walter@binity.com>
 Updated contact information: http://www.binity.com/~walter/

