[ale] SMB options

Michael H. Warfield mhw at wittsend.com
Sat Jan 10 23:24:05 EST 2004


On Sat, Jan 10, 2004 at 03:50:47PM -0500, David Hamm wrote:
> Finding the servere is not the problem.  The problem is that AllTel has 
> blocked port 135 on thier network and the user can't mount the share.  Since 
> I have DSL with BellSouth I have no problem and neither do CBeyond customers.  
> It is only AllTel and I anticipate more will have this problem in the future 
> as ISP's attempt to protect customers from worms.

	You got that right.  Even Microsoft now recommends, in some of their
knowledge base articles, to block ports 135-139,1433,1434 plus several
others, both tcp&udp, from the general network.  These are NOT protocols
which are appropriate for access over the internet in general.  You want
these connections, set up a VPN.  Too much trouble?  Then mirror the server
to a box behind a firewall and let them get at it there.  Or enable the
uploads to a box in a DMZ to which the users have access (through a VPN
or otherwise).

> On Saturday 10 January 2004 03:11 pm, James P. Kinney III wrote:
> > No. If all they are doing is downloading a file from an internet server,
> > then let use and http get.
> >
> > If you need more complicated access then consider setting up a wins
> > server so the users can find the machine and it's shares.
> >
> > On Sat, 2004-01-10 at 13:05, David Hamm wrote:
> > > Are you saying you can mount shares or access directories and files via
> > > HTTP in the same manner as SMB?  The SMB users need the full
> > > functionality of an SMB share.
> > >
> > > On Saturday 10 January 2004 12:14 pm, James P. Kinney III wrote:
> > > > Try a login authenticated web access.
> > > >
> > > > On Sat, 2004-01-10 at 11:30, David Hamm wrote:
> > > > > Hello,
> > > > >
> > > > > I have an FTP server sittting on the Internet.  One group of users
> > > > > uploads files via FTP the other group downloads those files via SMB.
> > > > > Securing SMB communications in most cases is handeled by listing the
> > > > > SMB users's IP address in an IPTables rule with a -j ACCEPT.  But
> > > > > recently I gained an SMB user an ALLTel's network and ALLTel blocks
> > > > > port 135.  The only options I can come up with is eithher FreeSwan or
> > > > > PopTop and from recent experiences I'm not excited about using
> > > > > either.  I wonder if I could run SMB on another port? Under Linux I
> > > > > don't see a problem but the Windows workstations mounting the share
> > > > > can't be modified since they also participate in an SMB based LAN. 
> > > > > Any suggestions are welcomed.
> > > > >
> > > > > Thanks.
> > > > >
> > > > > _______________________________________________
> > > > > Ale mailing list
> > > > > Ale at ale.org
> > > > > http://www.ale.org/mailman/listinfo/ale
> > >
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > http://www.ale.org/mailman/listinfo/ale
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale

-- 
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: not available




More information about the Ale mailing list