running samba share on public accessible computer a good idea?


Post by Rob Baxt » Fri, 01 Jun 2001 22:22:23



Hi,

I run a small IPMasq network to share a cable Internet connection to
approx four clients.  Also running on this RH 7.0 box is a DHCP server
for those internal machines.  The last thing I would like to have this
computer do (because it's always on) is provide a printing service
through samba.  My question: Is there a security issue with sharing a
printer using samba on a computer that has a public IP?  Is this in
general a good idea or should I use one of the other (private)
machines to share the printer?  This solution is less ideal because
the other machines are not always on.  The printer can not be hooked
directly to my hub, and I can not afford a Jet Direct device.

There is a 'medium-light' firewall running on this machine.  Basically
it's the script (with only very minor modification to suit my needs)
from RedHat that can be found here:
http://www.redhat.com/support/docs/tips/firewall/firewallservice.html

Any help or thoughts anyone has would be greatly appreciated, thanks,

Rob

 
 
 


Post by Dimitri Mazi » Sat, 02 Jun 2001 02:50:13



> Hi,

> I run a small IPMasq network to share a cable Internet connection to
> approx four clients.  Also running on this RH 7.0 box is a DHCP server
> for those internal machines.  The last thing I would like to have this
> computer do (because it's always on) is provide a printing service
> through samba.  My question: Is there a security issue with sharing a
> printer using samba on a computer that has a public IP?  Is this in
> general a good idea or should I use one of the other (private)
> machines to share the printer?

In general you shouldn't run anything (except maybe an IDS) on your
firewall.  OTOH if you block external access to samba/printer ports
you should be ok.

Dima
--

http://www.bmrb.wisc.edu/descript/gpgkey.dmaziuk.ascii -- GnuPG 1.0.4 public key
Q276304 - Error Message: Your Password Must Be at Least 18770 Characters
and Cannot Repeat Any of Your Previous 30689 Passwords            -- RISKS 21.37

 
 
 


Post by Ryan » Sun, 03 Jun 2001 04:38:49


Rob, here's a good idea:

Assuming the internal IP of your firewall is 10.0.0.1

   interfaces = 10.0.0.1/32
   bind interfaces only = yes

Put that in your smb.conf file. What that does is make samba listen only on
the interfaces (IP) that you specified; normally it will attempt to listen
on all interfaces.

Ryan


> Hi,

> I run a small IPMasq network to share a cable Internet connection to
> approx four clients.  Also running on this RH 7.0 box is a DHCP server
> for those internal machines.  The last thing I would like to have this
> computer do (because it's always on) is provide a printing service
> through samba.  My question: Is there a security issue with sharing a
> printer using samba on a computer that has a public IP?  Is this in
> general a good idea or should I use one of the other (private)
> machines to share the printer?  This solution is less ideal because
> the other machines are not always on.  The printer can not be hooked
> directly to my hub, and I can not afford a Jet Direct device.

> There is a 'medium-light' firewall running on this machine.  Basically
> it's the script (with only very minor modification to suit my needs)
> from RedHat that can be found here:
> http://www.redhat.com/support/docs/tips/firewall/firewallservice.html

> Any help or thoughts anyone has would be greatly appreciated, thanks,

> Rob
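
A way to confirm that the `interfaces` / `bind interfaces only` setting from the reply above took effect, as an added example that is not part of the thread: it reads `ss -ltn` style output and reports any smbd TCP listener not bound to the internal address. The function and sample names, the port list and the sample listener lines are assumptions constructed for this example; 10.0.0.1 is the address used in the reply.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `ss -ltn` style lines on stdin and
# prints each TCP listener on the smbd ports that is bound to anything other
# than the internal address. Exit status 0 means nothing is exposed.

INTERNAL_IP="10.0.0.1"     # internal address from the reply above
SMB_TCP_PORTS="139 445"    # smbd ports (assumed list; adjust to your Samba)

audit_smb_listeners() {
    awk -v allowed="$INTERNAL_IP" -v ports="$SMB_TCP_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            # Locate the State column; ss adds a Netid column only for mixed output.
            s = 0
            for (i = 1; i <= NF; i++) if ($i == "LISTEN") { s = i; break }
            if (!s) next                             # header or non-listening row
            la = $(s + 3)                            # Local Address:Port
            port = la; sub(/^.*:/, "", port)         # text after the last colon
            addr = la; sub(/:[^:]*$/, "", addr)      # text before the last colon
            sub(/%.*$/, "", addr)                    # drop an interface suffix
            if (!(port in want)) next
            if (addr != allowed) { print "EXPOSED " addr " port " port; bad = 1 }
        }
        END { exit bad ? 1 : 0 }
    '
}

sample_before() {   # constructed: smbd listening on every interface
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     0.0.0.0:139        0.0.0.0:*
LISTEN 0      50     [::]:445           [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
}

sample_after() {    # constructed: after restricting Samba to 10.0.0.1
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     10.0.0.1:139       0.0.0.0:*
LISTEN 0      50     10.0.0.1:445       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
}

# Live use on the gateway itself: ss -ltn | audit_smb_listeners
sample_before | audit_smb_listeners || echo "smbd reachable beyond $INTERNAL_IP"
sample_after  | audit_smb_listeners && echo "smbd bound to $INTERNAL_IP only"
```

The check covers TCP only: nmbd also keeps wildcard sockets on UDP 137 and 138 for reading broadcasts even with `bind interfaces only = yes`, so those ports still need the firewall rule mentioned in the earlier reply.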