How To Secure Samba NMBD/SMBD to bind to a specific IP address -

How To Secure Samba NMBD/SMBD to bind to a specific IP address

By default Samba SMB/NMB listen on ANY and ALL IPs on your system by binding to 0.0.0.0.  Obviously this is a huge security risk if you have a public facing server with both internal and external access.  Usually when a system administrator sets up a samba server their intention is just to share with a LAN.

To do this you need to the following options under the [global] section in smb.conf

bind interfaces only = yes
interfaces = 192.168.1.10
hosts allow = 192.168.1.

The "bind interfaces only" tells Samba to only bind to the IP specified under "interfaces".

hosts allow is there for good measure (normally hosts allow will the only thing stopping people from the outside from accessing your samba server).  The safest way of course is to firewall on the public WAN side and to not bind to any interface or IP that you don't want to have access.

 


  • Linux How To Clone One System Harddrive to another remote system
  • Ubuntu/Debian/Linux won't boot and drops to Busybox shell after cloning HDD with dd
  • Unable to negotiate with 192.168.1.99 port 22: no matching host key type found. Their offer: ssh-dss Solution
  • Centos 7 Password Reset
  • MySQL Adding New Field to Existing Database Table
  • MySQL Cannot Update/Write to any database table solution
  • Centos How To Update to Glibc 2.14 Plus
  • php remove last letters of string
  • MySQL Maximum INT Size Truncation Issue/Warning
  • MySQL How To Add New Field Column To Existing Table
  • mysql how to reset passwords with a few commands
  • htaccess apache how deny/allow to block or allow by IP address
  • PHP geoip.so fatal error Solution
  • Syntax error on line 221 of /etc/httpd/conf/httpd.conf: Syntax error on line 6 of /etc/httpd/conf.d/php.conf: Cannot load /etc/httpd/modules/libphp5.so into server: /etc/httpd/modules/libphp5.so: cannot open shared object file: No such file or direct
  • GCC 5 on Centos 6 - How To Install
  • bash find line and replace howto
  • How To Create Apache htpasswd file
  • possible SYN flooding on ctid 42131, port 80. Sending cookies. - Solution
  • Linux last command show login by IP instead of hostname
  • Install Windows From a Linux TFTP Server instead of using WDS Solution