[lug] firewall, samba and windows file sharing take 2

hugh at math.byu.edu
Wed Feb 25 12:07:48 MST 2004


> Thanks for the ideas. I'll try to answer some questions and
> clarify the setup and (of course) ask some more questions.
>
> Currently there is no set A computers. All computers are on Set B and they
> have internet routed IP addresses. I want to put some of these computers
> (set A, which is a subset of B) behind a firewall.
>
> If I do bridging, if I'm understanding correctly, then all set A computers
> need internet routable IP addresses and will be on the same subnet as set
> B. If I put 2 NICs in the firewall, then set A can have non-routable IPs
> (10.0.0.xxx) but will obviously be on a different subnet.
>
> Are there any security arguments for one method vs the other? If I do
> bridging, then I filter via MAC address (or IP?) and file sharing should
> be unaffected assuming I allow SMB broadcast messages through.
>
> If I do a non-routable subnet, then can I run a WINS server off the
> firewall to merge the two file/printer sharing networks? Is this a
> security hole? Will the WINS server potentially interfere with whatever
> WINS-like server is running on set B, which I know little about.
>
> Thanks again,
>
> Ben
>
>


Personally, the thought of running Windows anything on the wide open
Internet scares me.  Any time you make services available on the Internet
you are opening yourself up to risk.  At this point, it sounds like you
have the risk maxed out, so moving some machines behind a firewall ought
to be an improvement.  It may be that the WINS server on B can still serve
appropriately for set A (presuming that WINS just responds to requests),
but I expect that A would be able to see A and B and B would only see B
with a NAT set up.

FWIW,

Hugh


