How To Secure Samba NMBD/SMBD to bind to a specific IP address -
How To Secure Samba NMBD/SMBD to bind to a specific IP address
By default Samba SMB/NMB listen on ANY and ALL IPs on your system by binding to 0.0.0.0. Obviously this is a huge security risk if you have a public facing server with both internal and external access. Usually when a system administrator sets up a samba server their intention is just to share with a LAN.
To do this you need to the following options under the [global] section in smb.conf
bind interfaces only = yes
interfaces = 192.168.1.10
hosts allow = 192.168.1.
The "bind interfaces only" tells Samba to only bind to the IP specified under "interfaces".
hosts allow is there for good measure (normally hosts allow will the only thing stopping people from the outside from accessing your samba server). The safest way of course is to firewall on the public WAN side and to not bind to any interface or IP that you don't want to have access.