From owner-freebsd-questions@FreeBSD.ORG Mon Feb 9 12:45:29 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 549E516A4D1 for ; Mon, 9 Feb 2004 12:45:29 -0800 (PST) Received: from chen.org.nz (chen.org.nz [210.54.19.51]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2146543D1F for ; Mon, 9 Feb 2004 12:45:29 -0800 (PST) (envelope-from jonc@chen.org.nz) Received: by chen.org.nz (Postfix, from userid 1000) id 10A9B1368A; Tue, 10 Feb 2004 09:45:25 +1300 (NZDT) Date: Tue, 10 Feb 2004 09:45:25 +1300 From: Jonathan Chen To: Marius Kirschner Message-ID: <20040209204524.GA85284@grimoire.chen.org.nz> References: <200402092040.i19Ke4Gj029169@tao.agoron.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200402092040.i19Ke4Gj029169@tao.agoron.com> User-Agent: Mutt/1.4.1i cc: freebsd-questions@freebsd.org Subject: Re: Routing question -- Samba X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Feb 2004 20:45:29 -0000 On Mon, Feb 09, 2004 at 03:40:04PM -0500, Marius Kirschner wrote: > I have a 4.9 box that's on a public IP and I want to configure Samba so it > only accepts connections from the private network (192.168.1). My question > is, can I do that with only 1 NIC card or do I have to add a second NIC for > the private LAN? You can do make samba accept only on the 192.168.1.0/24 network by specifying the "hosts allow" directive on smb.conf. However, if you have the public IP and private network on the same NIC, people can spoof your `private' network and get onto your box. -- Jonathan Chen ---------------------------------------------------------------------- Experience is a hard teacher because she gives the test first, the lesson afterwards