[ale] SMB options

David Hamm ale at spinnerdog.com
Sun Jan 11 05:51:00 EST 2004


Well,  I guess that seals it, there's no easter egg to found for this one.   
I'll continue using IPTables and begin adding a -j ACCEPT for PPTP.  Boy, 
PopTop put up a good fight last time I tried it.  Guess it's going to be a 
long day.  

Thanks for the input everyone.  

On Saturday 10 January 2004 11:17 pm, Michael H. Warfield wrote:
> On Sat, Jan 10, 2004 at 03:50:47PM -0500, David Hamm wrote:
> > Finding the servere is not the problem.  The problem is that AllTel has
> > blocked port 135 on thier network and the user can't mount the share. 
> > Since I have DSL with BellSouth I have no problem and neither do CBeyond
> > customers. It is only AllTel and I anticipate more will have this problem
> > in the future as ISP's attempt to protect customers from worms.
>
> 	You got that right.  Even Microsoft now recommends, in some of their
> knowledge base articles, to block ports 135-139,1433,1434 plus several
> others, both tcp&udp, from the general network.  These are NOT protocols
> which are appropriate for access over the internet in general.  You want
> these connections, set up a VPN.  Too much trouble?  Then mirror the server
> to a box behind a firewall and let them get at it there.  Or enable the
> uploads to a box in a DMZ to which the users have access (through a VPN
> or otherwise).
>
> > On Saturday 10 January 2004 03:11 pm, James P. Kinney III wrote:
> > > No. If all they are doing is downloading a file from an internet
> > > server, then let use and http get.
> > >
> > > If you need more complicated access then consider setting up a wins
> > > server so the users can find the machine and it's shares.
> > >
> > > On Sat, 2004-01-10 at 13:05, David Hamm wrote:
> > > > Are you saying you can mount shares or access directories and files
> > > > via HTTP in the same manner as SMB?  The SMB users need the full
> > > > functionality of an SMB share.
> > > >
> > > > On Saturday 10 January 2004 12:14 pm, James P. Kinney III wrote:
> > > > > Try a login authenticated web access.
> > > > >
> > > > > On Sat, 2004-01-10 at 11:30, David Hamm wrote:
> > > > > > Hello,
> > > > > >
> > > > > > I have an FTP server sittting on the Internet.  One group of
> > > > > > users uploads files via FTP the other group downloads those files
> > > > > > via SMB. Securing SMB communications in most cases is handeled by
> > > > > > listing the SMB users's IP address in an IPTables rule with a -j
> > > > > > ACCEPT.  But recently I gained an SMB user an ALLTel's network
> > > > > > and ALLTel blocks port 135.  The only options I can come up with
> > > > > > is eithher FreeSwan or PopTop and from recent experiences I'm not
> > > > > > excited about using either.  I wonder if I could run SMB on
> > > > > > another port? Under Linux I don't see a problem but the Windows
> > > > > > workstations mounting the share can't be modified since they also
> > > > > > participate in an SMB based LAN. Any suggestions are welcomed.
> > > > > >
> > > > > > Thanks.
> > > > > >
> > > > > > _______________________________________________
> > > > > > Ale mailing list
> > > > > > Ale at ale.org
> > > > > > http://www.ale.org/mailman/listinfo/ale
> > > >
> > > > _______________________________________________
> > > > Ale mailing list
> > > > Ale at ale.org
> > > > http://www.ale.org/mailman/listinfo/ale
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale



More information about the Ale mailing list