[lug] firewall, samba and windows file sharing

[Ben Luey]

I've got a bunch of computers (call them set A) that are connected to a
large, not very secure network (set B) that uses windows file and printer
sharing all over the place. 95% of the file/printer traffic for set A
computers is between set A computers. I want to put set A computer behind
a firewall since set B computer have little security protection. Set A
computer consist of windows XP desktops and a linux samba file server. The
question is how can I access file/printer shares on computers in set B but
keep reasonable security setup on the firewall.

Some ideas I was thinking of:

A) Since there are only a few resources that we use from set B, have the
firewall mount these services with smbclient and then reexport these
services to set A computers. I'm not sure how this will work for printers
and if XP boxes will see the right printer drivers etc. The firewall box
could either export directly to set A, or to the linux file-server, which
could then reexport.

B) Open up ports 137:139 on the firewall to allow file/printer sharing
directly with the XP boxes. Does anyone know if this will work like other
services in terms of mapping internal ip address (set A) to internet
address (set B). Also, what about network neighborhood browsing and those
broadcast messages. All things being equal, I'd rather not open up those
ports.

C) New Ideas


Thanks,

Ben






Ben Luey
lueyb at jilau1.colorado.edu