Re: [LUNI] Security issues without firewall

From: Erik Jarvi (ejarvi@megsinet.net)
Date: Thu Mar 08 2001 - 21:29:02 CST


    On Thu, Mar 08, 2001 at 04:50:35PM -0800, chamster wrote:
    >
    > On Thu, 8 Mar 2001, A.Khan wrote:
    > > FWIW, Samba can be configured to serve only on specific interface(s) such as
    > > 'eth0'. Assuming eth0 is the internal interface of the File-Print
    > > Server/NAT/Proxy box. As others have suggested also block the relevant ports
    > > on 'ppp0' for additional insurance.
    >
    > This is surprisingly undocumented in many Samba guides that you see on the
    > Net or in books. I wasn't aware of it until I happened to read about it in
    > a Debian mailing list a while back. I tried to find something similar with
    > Netatalk and squid. It would make me more comfortable to tell my LAN
    > services to say "ignore this interface to the outside world" than to
    > say "only allow these IP addresses to connect."

    My /etc/atalk/atalkd.conf

    # Format of lines in this file:
    #
    # interface [ -seed ] [ -phase { 1 | 2 } ] [ -addr net.node ]
    # [ -net first[-last] ] [ -zone ZoneName ] ...
    #
    # -seed only works if you have multi-interfaces. Any missing arguments are
    # automatically configured from the network. Note: lines can't actually be
    # split, tho it's a good idea.
    #
    # Some examples:
    #
    # The simplest case is no atalkd.conf. This works on most platforms
    # (notably not Solaris), since atalkd can discover the local interfaces
    # on the machine.
    #
    # Very slightly more complicated:
    #
    # le0
    # or
    # eth0
    #
    # for Solaris/SunOS or Linux.
    #
    # A much more complicated example:
    #
    # le0 -phase 1
    # le1 -seed -phase 2 -addr 66.6 -net 66-67 -zone "No Parking"
    #
    # This turns on transition routing between the le0 and le1
    # interfaces on a Sun. It also causes atalkd to fail if other
    # routers disagree about it's configuration of le1.
    #
    eth0 -phase 2 -net 0-65534 -addr 65280.242

    -- 
    All music aspires to the condition of muzak.
    -=-
    Linux Users Of Northern Illinois: General Discussion Mailing list.
    For unsubscription, archives, and announcements only see http://luni.org
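A way to check the approach discussed in this thread, as an added example that is not part of the original message: it reads text in the Linux /proc/net/tcp format and reports LAN-only services (Samba, afpd, squid) that are listening on anything other than the internal address. The port-to-service map, the internal address 192.168.1.1 and the sample table are constructed assumptions.

```python
import socket
import struct

# Assumed default TCP ports for the LAN-only services named in the thread.
LAN_ONLY_TCP = {139: "smbd", 445: "smbd", 548: "afpd", 3128: "squid"}
LISTEN = "0A"  # state code for a listening socket in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (x86, little-endian addresses).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0101A8C0:008B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 00000000:0224 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:0C38 00000000:0000 0A 00000000:00000000 00:00000000 00000000    13        0 1003
   3: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1004
   4: 0101A8C0:0016 0201A8C0:C000 01 00000000:00000000 00:00000000 00000000     0        0 1005
"""

def parse_listeners(proc_net_tcp):
    """Return [(ip, port)] for every listening IPv4 TCP socket in the text."""
    listeners = []
    for line in proc_net_tcp.splitlines():
        fields = line.split()
        # Header and non-LISTEN rows fail this test and are skipped.
        if len(fields) < 4 or fields[3] != LISTEN or ":" not in fields[1]:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # The address is a 32-bit word printed in host byte order.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16)))
    return listeners

def exposed_services(proc_net_tcp, internal_ips):
    """Return sorted (service, ip, port) for LAN-only ports bound outside internal_ips."""
    allowed = set(internal_ips) | {"127.0.0.1"}
    return sorted(
        (LAN_ONLY_TCP[port], ip, port)
        for ip, port in parse_listeners(proc_net_tcp)
        if port in LAN_ONLY_TCP and ip not in allowed
    )

if __name__ == "__main__":
    for service, ip, port in exposed_services(SAMPLE, {"192.168.1.1"}):
        print(f"{service} listens on {ip}:{port}, not only on the internal interface")
```

On a live Linux host, pass the contents of /proc/net/tcp instead of the sample. It covers IPv4 TCP only, so AppleTalk sockets opened by atalkd and Samba's UDP name-service ports do not appear in it.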
    



    This archive was generated by hypermail 2b29 : Thu Mar 08 2001 - 21:21:49 CST
