How To Secure Samba NMBD/SMBD to bind to a specific IP address

By default Samba SMB/NMB listen on ANY and ALL IPs on your system by binding to 0.0.0.0.  Obviously this is a huge security risk if you have a public facing server with both internal and external access.  Usually when a system administrator sets up a samba server their intention is just to share with a LAN.

To do this you need to the following options under the [global] section in smb.conf

bind interfaces only = yes
interfaces = 192.168.1.10
hosts allow = 192.168.1.

The "bind interfaces only" tells Samba to only bind to the IP specified under "interfaces".

hosts allow is there for good measure (normally hosts allow will the only thing stopping people from the outside from accessing your samba server).  The safest way of course is to firewall on the public WAN side and to not bind to any interface or IP that you don't want to have access.

 

Latest Articles

  • Centos 7 - Convert Minimal to Graphical GUI GNOME or KDE Desktop
  • AMD Set Fan Speed and Other Powerplay Memory/CPU Timings with a Linux script
  • Ethereum Mining Claymore Nanopool Error
  • genisoimage errors with long filenames and deep directory structures
  • Linux Kernel USB Export Errors
  • How to download gajim 0.16.9 XMPP/Jabber client so you can use OMEMO encryption
  • HP DL385 G7 Linux BIOS Update Flash
  • hwloc-nox set CPU affinity in Linux
  • Firefox An error occurred during a connection to some-ip-or-domain. SSL peer reports incorrect Message Authentication Code. Error code: SSL_ERROR_BAD_MAC_ALERT Solution
  • Proxmox understanding the directory structure and why an NFS datastore appears to be missing files/isos
  • pandoc convert markdown to html
  • Proxmox error uploading an iso solution
  • Cannot install moodle
  • MySQL change for Antelope format to Barracuda error solution
  • vmkping -I vmk1 10.0.2.69 PING 10.0.2.69 (10.0.2.69): 56 data bytes sendto() failed (Host is down)
  • gvfs mount in /run/user cannot be accessed or displayed wrong permissions
  • VMWare vSphere 6.7 Errors Solution 503 Service Unavailable (Failed to connect to endpoint:
  • How To Enable Nested KVM so guests can virtualize with hardware extensions
  • vi error solution E166: Can't open linked file for writing
  • Supermicro IPMI / KVM / BMC Remote Console Screen Resizing Issue - Window Cut Off Solution