[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]

HTH

Jonathan  Glass


> Well,  I guess that seals it, there's no easter egg to found for this one.
> I'll continue using IPTables and begin adding a -j ACCEPT for PPTP.  Boy,
> PopTop put up a good fight last time I tried it.  Guess it's going to be a
> long day.
>
> Thanks for the input everyone.
>
> On Saturday 10 January 2004 11:17 pm, Michael H. Warfield wrote:
>> On Sat, Jan 10, 2004 at 03:50:47PM -0500, David Hamm wrote:
>> > Finding the servere is not the problem.  The problem is that AllTel
>> has
>> > blocked port 135 on thier network and the user can't mount the share.
>> > Since I have DSL with BellSouth I have no problem and neither do
>> CBeyond
>> > customers. It is only AllTel and I anticipate more will have this
>> problem
>> > in the future as ISP's attempt to protect customers from worms.
>>
>> 	You got that right.  Even Microsoft now recommends, in some of their
>> knowledge base articles, to block ports 135-139,1433,1434 plus several
>> others, both tcp&udp, from the general network.  These are NOT protocols
>> which are appropriate for access over the internet in general.  You want
>> these connections, set up a VPN.  Too much trouble?  Then mirror the
>> server
>> to a box behind a firewall and let them get at it there.  Or enable the
>> uploads to a box in a DMZ to which the users have access (through a VPN
>> or otherwise).
>>
>> > On Saturday 10 January 2004 03:11 pm, James P. Kinney III wrote:
>> > > No. If all they are doing is downloading a file from an internet
>> > > server, then let use and http get.
>> > >
>> > > If you need more complicated access then consider setting up a wins
>> > > server so the users can find the machine and it's shares.
>> > >
>> > > On Sat, 2004-01-10 at 13:05, David Hamm wrote:
>> > > > Are you saying you can mount shares or access directories and
>> files
>> > > > via HTTP in the same manner as SMB?  The SMB users need the full
>> > > > functionality of an SMB share.
>> > > >
>> > > > On Saturday 10 January 2004 12:14 pm, James P. Kinney III wrote:
>> > > > > Try a login authenticated web access.
>> > > > >
>> > > > > On Sat, 2004-01-10 at 11:30, David Hamm wrote:
>> > > > > > Hello,
>> > > > > >
>> > > > > > I have an FTP server sittting on the Internet.  One group of
>> > > > > > users uploads files via FTP the other group downloads those
>> files
>> > > > > > via SMB. Securing SMB communications in most cases is handeled
>> by
>> > > > > > listing the SMB users's IP address in an IPTables rule with a
>> -j
>> > > > > > ACCEPT.  But recently I gained an SMB user an ALLTel's network
>> > > > > > and ALLTel blocks port 135.  The only options I can come up
>> with
>> > > > > > is eithher FreeSwan or PopTop and from recent experiences I'm
>> not
>> > > > > > excited about using either.  I wonder if I could run SMB on
>> > > > > > another port? Under Linux I don't see a problem but the
>> Windows
>> > > > > > workstations mounting the share can't be modified since they
>> also
>> > > > > > participate in an SMB based LAN. Any suggestions are welcomed.
>> > > > > >
>> > > > > > Thanks.
>> > > > > >
>> > > > > > _______________________________________________
>> > > > > > Ale mailing list
>> > > > > > Ale at ale.org
&gt;&gt; &gt; &gt; &gt; &gt; &gt; <a  rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
&gt;&gt; &gt; &gt; &gt;
&gt;&gt; &gt; &gt; &gt; _______________________________________________
&gt;&gt; &gt; &gt; &gt; Ale mailing list
&gt;&gt; &gt; &gt; &gt; Ale at ale.org
&gt;&gt; &gt; &gt; &gt; <a  rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
&gt;&gt; &gt;
&gt;&gt; &gt; _______________________________________________
&gt;&gt; &gt; Ale mailing list
&gt;&gt; &gt; Ale at ale.org
&gt;&gt; &gt; <a  rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
&gt;
&gt; _______________________________________________
&gt; Ale mailing list
&gt; Ale at ale.org
&gt; <a  rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
&gt;


-- 
Jonathan Glass
Systems Support Specialist II
IBB/GTEC
Office: 404-385-0127
Cell: 404-444-4086


</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00374" href="msg00374.html">[ale] SMB options</a></strong>
<ul><li><em>From:</em> ale at spinnerdog.com (David Hamm)</li></ul></li>
<li><strong><a name="00384" href="msg00384.html">[ale] SMB options</a></strong>
<ul><li><em>From:</em> ale at spinnerdog.com (David Hamm)</li></ul></li>
<li><strong><a name="00401" href="msg00401.html">[ale] SMB options</a></strong>
<ul><li><em>From:</em> mhw at wittsend.com (Michael H. Warfield)</li></ul></li>
<li><strong><a name="00416" href="msg00416.html">[ale] SMB options</a></strong>
<ul><li><em>From:</em> ale at spinnerdog.com (David Hamm)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00420.html">[ale] Atapi cdrecord?</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00422.html">[ale] Domain name registrars--advice, experience?</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00416.html">[ale] SMB options</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00427.html">[ale] SMB options</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00421"><strong>Date</strong></a></li>
<li><a href="threads.html#00421"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>