- <li><em>date</em>: Sat Jan 10 23:24:05 2004</li>
- <li><em>from</em>: mhw at wittsend.com (Michael H. Warfield)</li>
- <li><em>subject</em>: [ale] SMB options</li>
You got that right. Even Microsoft now recommends, in some of their
knowledge base articles, to block ports 135-139,1433,1434 plus several
others, both tcp&udp, from the general network. These are NOT protocols
which are appropriate for access over the internet in general. You want
these connections, set up a VPN. Too much trouble? Then mirror the server
to a box behind a firewall and let them get at it there. Or enable the
uploads to a box in a DMZ to which the users have access (through a VPN
or otherwise).
> On Saturday 10 January 2004 03:11 pm, James P. Kinney III wrote:
> > No. If all they are doing is downloading a file from an internet server,
> > then let them use an http get.
> >
> > If you need more complicated access then consider setting up a wins
> > server so the users can find the machine and its shares.
> >
> > On Sat, 2004-01-10 at 13:05, David Hamm wrote:
> > > Are you saying you can mount shares or access directories and files via
> > > HTTP in the same manner as SMB? The SMB users need the full
> > > functionality of an SMB share.
> > >
> > > On Saturday 10 January 2004 12:14 pm, James P. Kinney III wrote:
> > > > Try a login authenticated web access.
> > > >
> > > > On Sat, 2004-01-10 at 11:30, David Hamm wrote:
> > > > > Hello,
> > > > >
> > > > > I have an FTP server sitting on the Internet. One group of users
> > > > > uploads files via FTP the other group downloads those files via SMB.
> > > > > Securing SMB communications in most cases is handled by listing the
> > > > > SMB user's IP address in an IPTables rule with a -j ACCEPT. But
> > > > > recently I gained an SMB user on ALLTel's network and ALLTel blocks
> > > > > port 135. The only options I can come up with are either FreeSwan or
> > > > > PopTop and from recent experiences I'm not excited about using
> > > > > either. I wonder if I could run SMB on another port? Under Linux I
> > > > > don't see a problem but the Windows workstations mounting the share
> > > > > can't be modified since they also participate in an SMB based LAN.
> > > > > Any suggestions are welcomed.
> > > > >
> > > > > Thanks.
> > > > >
> > > > > _______________________________________________
> > > > > Ale mailing list
> > > > > Ale at ale.org
> > > > > <a rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale">http://www.ale.org/mailman/listinfo/ale</a>
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | <a rel="nofollow" href="http://www.wittsend.com/mhw/">http://www.wittsend.com/mhw/</a>
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
</pre>
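Added example, not part of the original message or thread: a small audit that reads `iptables-save` style INPUT rules and reports which of the ports named in the reply (135-139, 1433, 1434, TCP and UDP) a given source can reach on a given interface. The interface names `eth0` and `tun0`, the addresses, and both rule sets are constructed for illustration; the parser assumes every option takes exactly one argument and no `!` negation is used.

```python
import ipaddress

# Ports the message says to keep off the general network, TCP and UDP.
BLOCKED = set(range(135, 140)) | {1433, 1434}

# Constructed iptables-save fragments; eth0 (Internet side), tun0 (VPN) and
# all addresses are assumptions made for this example.
BEFORE = """
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i eth0 -s 198.51.100.7/32 -p tcp -m multiport --dports 135:139 -j ACCEPT
-A INPUT -i eth0 -s 198.51.100.7/32 -p udp -m multiport --dports 135:139 -j ACCEPT
"""
AFTER = """
-A INPUT -i eth0 -p tcp -m multiport --dports 135:139,1433,1434 -j DROP
-A INPUT -i eth0 -p udp -m multiport --dports 135:139,1433,1434 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -i tun0 -s 10.8.0.0/24 -p tcp -m multiport --dports 135:139 -j ACCEPT
-A INPUT -i tun0 -s 10.8.0.0/24 -p udp -m multiport --dports 135:139 -j ACCEPT
"""

def expand_ports(spec):
    """Expand a port spec such as '135:139,1433' into a set of ints."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def parse_rules(text, chain="INPUT"):
    """Parse '-A CHAIN' lines; assumes every option takes one argument, no '!'."""
    rules = []
    for tok in (line.split() for line in text.splitlines()):
        if tok[:2] != ["-A", chain]:
            continue
        opt = dict(zip(tok[2::2], tok[3::2]))
        spec = opt.get("--dport") or opt.get("--dports")
        rules.append((opt.get("-i"), ipaddress.ip_network(opt.get("-s", "0.0.0.0/0")),
                      opt.get("-p"), expand_ports(spec) if spec else None, opt.get("-j")))
    return rules

def exposed(rules, iface, src, policy="DROP"):
    """(proto, port) pairs from BLOCKED that src can reach on iface (first match wins)."""
    addr, hits = ipaddress.ip_address(src), []
    for proto in ("tcp", "udp"):
        for port in sorted(BLOCKED):
            verdict = next((t for i, net, p, ports, t in rules
                            if i in (None, iface) and addr in net and p in (None, proto)
                            and (ports is None or port in ports)), policy)
            if verdict == "ACCEPT":
                hits.append((proto, port))
    return hits
```

With the constructed `BEFORE` rules the allow-listed address reaches 135-139 directly over `eth0`; with `AFTER` nothing in the list is reachable on `eth0` even under a default-ACCEPT policy, and SMB is reachable only from the VPN subnet on `tun0`.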
</body>
</html>