Networking with Windows Computers

Zach uid000 at gmail.com
Mon Dec 5 13:01:28 UTC 2005


On 12/3/05, Lee H. <spamless_mr.sisyphus at shaw.ca> wrote:
> On Sat, 03 Dec 2005 09:38:52 -0500, you wrote:
>
> >First off, I have to say that having every machine on your network
> >being dual-homed adds a lot of complexity.  If you're looking for
> >"newbie friendly," that way certainly isn't.
>
> Why do I always try to do things the hard way?!?  :)
Because that's how we learn!

> Of course, back when I was an ignorant, paranoid Windows newbie, it
> seemed like a simple, logical way for protection.  I realize now that it
> is redundant, but things have worked that way for years and I could
> never be bothered to change it.
Every dual homed box provides an additional attack vector into your
network.  The private network is only as secure as the machine that
connects it to the outside.  If you want to use dual-homing as a
security mechanism, then perhaps a good idea would be to set up a
linux box with multiple nics and have it do NAT.  Then the only way
into your private network is through that box.  There are lots of
linux projects that make this easy.  I like freesco, but smoothwall is
another good one.  There was one called the Linux Router Project, but
I think it is dead now.

>
> >The configuration file, /etc/interfaces, allows you to specify per
> >interface settings.  As far as allowing filesharing over one nic but not
> >another, that probably will require blocking the appropriate smb ports
> >for that nic using iptables rules.
>
> I've obviously got a lot more reading to do.  I am using Samba but have
> no experience with it (smb = Samba ?), iptables, TCP wrappers.

smb is Server Message Block (I believe) and is the protocol (or
collection of protocols?) that windows machines use to communicate with
each other for workgroup & domain networking.  They use a specific set
of ports, 137, 138, & 139 (>= win2k also use 445) to talk and listen
(does MS not read RFCs?).  Making these ports unavailable outside your
network via firewall, etc., means that your shared resources won't be
accessible.

> Unfortunately, reading this stuff makes my eyes glaze over after about
> two minutes.

It can be dry, but the Samba documentation is *so* much better than
when I first set up my PDC a few years ago.

Hope this helps!

--
If you reply to a message I posted to a mailing list,
and you want me to see your reply, be sure to put my
address in the 'To:', or I might not see the message.
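
The per-interface SMB blocking discussed in this message, as an added example that is not part of the original post: a shell function that emits iptables-restore rules dropping the ports named above (137, 138, 139, 445) on one nic only. The function name smb_block_rules and the interface eth1 are assumptions, and covering both TCP and UDP for every port is a deliberately conservative choice.

```shell
#!/bin/sh
# Added example, not from the original post.
# Emits rules in iptables-restore format that drop SMB/NetBIOS traffic
# arriving on ONE interface; traffic on every other interface is untouched.

smb_block_rules() {
    iface=$1
    # Refuse empty names and anything outside the characters normally
    # found in interface names, so the output is safe to feed to a tool.
    case $iface in
        ''|*[!A-Za-z0-9._-]*)
            echo "invalid interface name: '$iface'" >&2
            return 1
            ;;
    esac

    echo '*filter'
    # 137-139 are the NetBIOS name, datagram and session services;
    # 445 is SMB directly over TCP (Windows 2000 and later).
    # Both protocols are covered so nothing slips through on the
    # less common transport.
    for proto in tcp udp; do
        echo "-A INPUT -i $iface -p $proto -m multiport --dports 137:139,445 -j DROP"
    done
    echo 'COMMIT'
}

# When run as a script with an interface argument, print the rules.
# Review them, then apply as root without flushing existing rules:
#   sh smb-block.sh eth1 | iptables-restore --noflush
if [ $# -gt 0 ]; then
    smb_block_rules "$1"
fi
```

Because the rules are appended to the INPUT chain, they only take effect if no earlier rule has already accepted the same traffic on that interface.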
