Web lists-archives.com

Re: [Samba] [3.6.6] nmbd reachable on 0.0.0.0: Safe?




On Sun, 9 Jul 2017 03:24:16 -0700 (PDT)
Winfried via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello
> 
> I'm running Samba 3.6.6 on a Linux host on a LAN connected to the
> Net, with my ADSL modem acting as firewall/router so as to keep local
> services like Samba unaccessible from the Net.
> 
> Still, I wanted to check if it's safe to have nmbd reachable from
> 0.0.0.0 on UDP137

0.0.0.0 in this context refers to the default route, so yes it is
safe, I would be more worried about the fact you are still using a
version of Samba that went EOL quite some time ago ;-)

For more info on 0.0.0.0, see here:

https://www.howtogeek.com/225487/what-is-the-difference-between-127.0.0.1-and-0.0.0.0/

> 
> ~# netstat -tunlp
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address
> State PID/Program name
> tcp        0      0 127.0.0.1:445           0.0.0.0:*
> LISTEN 1917/smbd
> tcp        0      0 192.168.0.15:445        0.0.0.0:*
> LISTEN 1917/smbd
> tcp        0      0 127.0.0.1:139           0.0.0.0:*
> LISTEN 1917/smbd
> tcp        0      0 192.168.0.15:139        0.0.0.0:*
> LISTEN 1917/smbd
> tcp6       0      0 ::1:445                 :::*
> LISTEN 1917/smbd
> tcp6       0      0 fe80::50:43ff:fee7::445 :::*
> LISTEN 1917/smbd
> tcp6       0      0 ::1:139                 :::*
> LISTEN 1917/smbd
> tcp6       0      0 fe80::50:43ff:fee7::139 :::*
> LISTEN 1917/smbd
> udp        0      0 192.168.0.255:137
> 0.0.0.0:* 1913/nmbd
> udp        0      0 192.168.0.15:137
> 0.0.0.0:* 1913/nmbd
> udp        0      0 0.0.0.0:137
> 0.0.0.0:* 1913/nmbd
> udp        0      0 192.168.0.255:138
> 0.0.0.0:* 1913/nmbd
> udp        0      0 192.168.0.15:138
> 0.0.0.0:* 1913/nmbd
> udp        0      0 0.0.0.0:138
> 0.0.0.0:* 1913/nmbd
> 
> Also, do I really need to use IPv6 on my LAN?

Only if you actually use IPv6 on your network.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba