| View previous topic :: View next topic |
| Author |
Message |
spankmeister7
Tux's lil' helper
Joined: 10 Apr 2005
Posts: 76
|
 Posted: Wed Oct 26, 2005 7:39 pm Post subject: swat doesn't work from a remote location |
 |
|
Hi.
I've installed Samba and it works just fine. But boy oh boy do I hate trying to use Swat from Lynx through an ssh session.
It would be fantastic if swat could just work across the web so I can administer it remotely. I have port 901 open on the firewall, and I commented out the only_from entry in my /etc/xinetd.d/swat file. Just for kicks, here is my /etc/xinetd.d/swat file:
service swat
{
port = 901
socket_type = stream
wait = no
#only_from = 192.168.1.0/24
user = root
server = /usr/sbin/swat
log_on_failure += USERID
disable = no
}
Also, the service is listening on my /etc/services file like so:
swat 901/tcp # Samba configuration tool
Still, from a remote connection I can't connect. It simply times out instead. |
|
| Back to top |
|
 |
exklusve
Apprentice
Joined: 23 Aug 2002
Posts: 270
Location: currently ~/
|
| Posted: Thu Oct 27, 2005 7:29 pm Post subject: |
|
|
did u restart xinetd ?
_________________
eXklusve
You do know that no one gives a shit about your system spec's right? |
|
| Back to top |
|
|
spankmeister7
Tux's lil' helper
Joined: 10 Apr 2005
Posts: 76
|
| Posted: Thu Oct 27, 2005 8:58 pm Post subject: yes |
|
|
| Yes, I restarted xinetd. |
|
| Back to top |
|
|
pulgitaflo
n00b
Joined: 28 Apr 2004
Posts: 59
|
| Posted: Wed Nov 16, 2005 12:26 am Post subject: |
|
|
Hi there,
I don't know if you got this solved without telling us (  ), but nevertheless here're my ideas about the problem:
The default configuration file installed along xinetd contains
| Code: |
default
{
only_from = localhost
} |
and as your /etc/xinet.d/swat reads like
| Code: |
service swat
{
#only_from = 192.168.1.0/24
} |
I would assume that by not specifying a service based restriction the default value (read: localhost) is taken. To access swat from other hosts, set up the only_from option for swat and you should get remote access. The line you commented out will enable you to use swat from any host in LAN 192.168.1.0 - which should be reasonably safe (at least if you can trust all users in this LAN). Nevertheless, you want to have access "across the web" (which certainly should be possible by specifying something like 42.42.42.42/0) - but be warned: this sounds like a really bad idea (tm) to me. | Code: | service swat
{
user = root
} |
states that swat should be run as root (and I guess it has to for writing proviledge on smb.conf). Now, running a service as root is dangerous and much more so if offered to anyone on the net. Also consider the following warning: | man swat wrote: | | Note that you can attach to SWAT from any IP connected machine but connecting from a remote machine leaves your connection open to password sniffing as passwords will be sent in the clear over the wire. |
I really think you don't want this. There may be ways to get this setting more secure, but it will for sure require quite some work (and that's only if it's possible in the first run). So don't sacrifice too much security for a little comfort - play safe  |
|
| Back to top |
|
|
|
Networking & Security
