| View previous topic :: View next topic |
| Author |
Message |
Skotlex
Guru
Joined: 13 Mar 2004
Posts: 309
|
 Posted: Tue Jul 20, 2004 11:50 pm Post subject: SMB on a hybrid lan with public IPs. Not a good idea? |
 |
|
I am questioning the level of security of my lan at my home. You see, there's three computers, all get their IP assigned via dhcpd by our ISP (because we all use a cable-modem), so these three machines have their own ips (which I have yet to see change, I think it's relatively safe to assume them static), but these ips at the same time are both public and internal for the lan. Now, the net mask given by my isp is slightly messed up (it includes 2 of the machines only), and because of that it's "hard" to separate the lan from the internet.
In my Gentoo machine I limit access to samba by setting up the firewall to only allow connections from the other two ips.
In the other two machines (both WinXP) I set up Sygate Personal Firewall. The problem is that in the options I had to set full file-sharing, and even though I added an advanced rule to permit everything from the other two machines, file-sharing just tends to not work most of the time. Sometimes neither of the machines likes to show up in my workgroup despite the three belonging to the same workgroup name! It's very annoying because I can't transfer files between these PCs without first disabling the firewall!
What should I do? I thought SMB was the way to go for sharing files in a hybrid LAN, but I fear the computer setup here is rather... exposed to attacks and the like, I was thinking I should just close down and disable file sharing via SMB. But if I do that, what should I use instead to share files? I was thinking of setting ftp servers on each of the machines to do transfers via that... does it sounds like the best option? I definitely doubt SMB will do the LAN any good on the long term.... |
|
| Back to top |
|
 |
curtis119
Bodhisattva
Joined: 10 Mar 2003
Posts: 2160
Location: Toledo, Ohio,USA, North America, Earth, SOL System, Milky Way, The Universe, The Cosmos, and Beyond.
|
| Posted: Wed Jul 21, 2004 12:17 am Post subject: |
|
|
smb is way complicated if you only want to do file shareing. An ftp server or rsync server would be much better. IMHO. there are several ftp servers you can try in portage. rsync uses ssh by default so it is proabably the way to go.
_________________
Gentoo: it's like wiping your ass with silk. |
|
| Back to top |
|
|
mr sk
Apprentice
Joined: 15 Jul 2004
Posts: 174
Location: Hollis
|
| Posted: Wed Jul 21, 2004 12:46 am Post subject: |
|
|
Why not buy a stack a 100 cds for 20bucks. haha. nah.
I would recommend using an ftp server, or upload the files to a internet host (extra slow VS home network).
Doesn't yourISP firewall (192.0.0.x is your homenetwork), how could someone attack your computer, unless via malicious sites, cross scripting or trojans.??
Not sure, I'd go w/FTP. 8) |
|
| Back to top |
|
|
Lajasha
Veteran
Joined: 17 Mar 2004
Posts: 1040
Location: Vibe Central
|
| Posted: Wed Jul 21, 2004 12:51 am Post subject: |
|
|
As the other 2 have suggested FTP would be the way to go or possibly VPN since each box is using a public IP.
However, and correct me if there is a reason you don't do this, why not setup one of the boxes as a router or even by a router and then you can sit behind it and not have to worry about the Public ip / subnet mess you currently have?
_________________
Come and play in my land |
|
| Back to top |
|
|
Skotlex
Guru
Joined: 13 Mar 2004
Posts: 309
|
| Posted: Wed Jul 21, 2004 1:25 am Post subject: |
|
|
| maletek wrote: | As the other 2 have suggested FTP would be the way to go or possibly VPN since each box is using a public IP.
However, and correct me if there is a reason you don't do this, why not setup one of the boxes as a router or even by a router and then you can sit behind it and not have to worry about the Public ip / subnet mess you currently have? |
Because my ISP doesn't really knows what they are doing... and I doubt I know much better either.
I could try to set up my machine to be a router so that I just forward the packets from the other two pcs to the cable-modem, but I just have no knowledge of how to set this up. All I know is to just let each pc acquire their own ip via dhcp from the cable modem. Plus, I have no idea what kinda services the other two pcs would want to serve, so I would have to end up forwarding all ports to them (and I doubt I'd get any extra security if I do so). I don't really like SMB, it has always given me trouble (I've yet to even manage to get printing working through Samba), perhaps I'll go with an FTP server, it should be less prone to attacks than SMB (even thought if they get rooted on the XP boxes it won't do the other pcs any good).
I don't know about setting up VPNs, I think I'll have to go give that a look. (Even if I could set up my Linux box as the router, my brother would eternally oppose it since he exclaims that Linux is the source of all the problems that ever happen in our LAN...  ) |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
