You are not logged in.

Pages: 1

#1 2012-01-08 11:23:30

z0id
Member
From: Romania
Registered: 2010-02-02
Posts: 122

[SOLVED]samba and ipv6

My ISP recently enabled ipv6 so now I have a dual stack network. In the process of checking which services are ipv6 enabled, I saw this:

tcp6       0      0 :::445                  :::*                    LISTEN      17588/smbd          
tcp6       0      0 :::139                  :::*                    LISTEN      17588/smbd

I don't want samba to listen on the global ipv6 address since there is no NAT in ivp6 (I'm assuming this will make smbd visible to the internet). I tried setting the ipv4 subnet in hosts allow in smbd.conf, but it doesn't affect ipv6.
How do I disable ipv6 from samba, or make it listen only on the link local address?

Last edited by z0id (2012-02-06 14:36:21)

/usr/bin/drinking

Offline

#2 2012-02-06 14:36:04

z0id
Member
From: Romania
Registered: 2010-02-02
Posts: 122

Re: [SOLVED]samba and ipv6

fixed with

   interfaces = 10.5.5.99
   bind interfaces only = Yes

Kind of a no brainer...

/usr/bin/drinking

Offline

#3 2012-02-10 08:00:39

revellion
Member
From: Sweden
Registered: 2007-04-10
Posts: 54

Re: [SOLVED]samba and ipv6

Do you have real native IPv6 connectivity?. if so then putting a filter in might be a good idea.

If not.. then you can't really be reached over IPv6 so no problem.

Also putting interfaces =
can be problematic should you ever re-number your network or change IP of the host.

Hurricane Electric Certified IPv6 Sage

CPU: Core i7-2600 @ 4.0Ghz | RAM: 16GB (4x4GB) | GFX: AMD Radeon R9 290 4096MB VRAM | HDD: 1x 120GB SATA3 Corsair SSD (~500MB/s RW), 1x SATA2 250GB, 1x SATA2 320GB, 1x 180GB SATA3 Intel SSD
*EDIT* Replaced Nvidia GTX 570 for a AMD Radeon R9 290, and added an extra SSD 180GB

Offline

#4 2012-02-10 10:37:57

z0id
Member
From: Romania
Registered: 2010-02-02
Posts: 122

Re: [SOLVED]samba and ipv6

revellion wrote:

Do you have real native IPv6 connectivity?. if so then putting a filter in might be a good idea.

Yes, I have native IPv6. What kind of filter are you referring to?

/usr/bin/drinking

Offline

#5 2012-02-12 12:56:56

revellion
Member
From: Sweden
Registered: 2007-04-10
Posts: 54

Re: [SOLVED]samba and ipv6

Depending on how your IPv6 is delivered to your network you might consider using ip6tables on either the SMB host or the IPv6 router if it's running Linux.

such as implementing a "state tracker" which is the real security in the combination NAT is used in smile. NAT is merely rewritting addresses, and the state tracker keeps track of connections made so it can remember who's related to an local host going out and not letting external hosts in without a relation to an internal host's connection.

Hurricane Electric Certified IPv6 Sage

CPU: Core i7-2600 @ 4.0Ghz | RAM: 16GB (4x4GB) | GFX: AMD Radeon R9 290 4096MB VRAM | HDD: 1x 120GB SATA3 Corsair SSD (~500MB/s RW), 1x SATA2 250GB, 1x SATA2 320GB, 1x 180GB SATA3 Intel SSD
*EDIT* Replaced Nvidia GTX 570 for a AMD Radeon R9 290, and added an extra SSD 180GB

Offline

Pages: 1

Board footer

Powered by FluxBB