Hello I'm running Samba 3.6.6 on a Linux host on a LAN connected to the Net, with my ADSL modem acting as firewall/router so as to keep local services like Samba unaccessible from the Net. Still, I wanted to check if it's safe to have nmbd reachable from 0.0.0.0 on UDP137/138: ~# netstat -tunlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:445 0.0.0.0:* LISTEN 1917/smbd tcp 0 0 192.168.0.15:445 0.0.0.0:* LISTEN 1917/smbd tcp 0 0 127.0.0.1:139 0.0.0.0:* LISTEN 1917/smbd tcp 0 0 192.168.0.15:139 0.0.0.0:* LISTEN 1917/smbd tcp6 0 0 ::1:445 :::* LISTEN 1917/smbd tcp6 0 0 fe80::50:43ff:fee7::445 :::* LISTEN 1917/smbd tcp6 0 0 ::1:139 :::* LISTEN 1917/smbd tcp6 0 0 fe80::50:43ff:fee7::139 :::* LISTEN 1917/smbd udp 0 0 192.168.0.255:137 0.0.0.0:* 1913/nmbd udp 0 0 192.168.0.15:137 0.0.0.0:* 1913/nmbd udp 0 0 0.0.0.0:137 0.0.0.0:* 1913/nmbd udp 0 0 192.168.0.255:138 0.0.0.0:* 1913/nmbd udp 0 0 192.168.0.15:138 0.0.0.0:* 1913/nmbd udp 0 0 0.0.0.0:138 0.0.0.0:* 1913/nmbd Also, do I really need to use IPv6 on my LAN? Thank you. -- View this message in context: http://samba.2283325.n4.nabble.com/3-6-6-nmbd-reachable-on-0-0-0-0-Safe-tp4721155.html Sent from the Samba - General mailing list archive at Nabble.com.
On Sun, 9 Jul 2017 03:24:16 -0700 (PDT) Winfried via samba <samba at lists.samba.org> wrote:> Hello > > I'm running Samba 3.6.6 on a Linux host on a LAN connected to the > Net, with my ADSL modem acting as firewall/router so as to keep local > services like Samba unaccessible from the Net. > > Still, I wanted to check if it's safe to have nmbd reachable from > 0.0.0.0 on UDP1370.0.0.0 in this context refers to the default route, so yes it is safe, I would be more worried about the fact you are still using a version of Samba that went EOL quite some time ago ;-) For more info on 0.0.0.0, see here: https://www.howtogeek.com/225487/what-is-the-difference-between-127.0.0.1-and-0.0.0.0/> > ~# netstat -tunlp > Active Internet connections (only servers) > Proto Recv-Q Send-Q Local Address Foreign Address > State PID/Program name > tcp 0 0 127.0.0.1:445 0.0.0.0:* > LISTEN 1917/smbd > tcp 0 0 192.168.0.15:445 0.0.0.0:* > LISTEN 1917/smbd > tcp 0 0 127.0.0.1:139 0.0.0.0:* > LISTEN 1917/smbd > tcp 0 0 192.168.0.15:139 0.0.0.0:* > LISTEN 1917/smbd > tcp6 0 0 ::1:445 :::* > LISTEN 1917/smbd > tcp6 0 0 fe80::50:43ff:fee7::445 :::* > LISTEN 1917/smbd > tcp6 0 0 ::1:139 :::* > LISTEN 1917/smbd > tcp6 0 0 fe80::50:43ff:fee7::139 :::* > LISTEN 1917/smbd > udp 0 0 192.168.0.255:137 > 0.0.0.0:* 1913/nmbd > udp 0 0 192.168.0.15:137 > 0.0.0.0:* 1913/nmbd > udp 0 0 0.0.0.0:137 > 0.0.0.0:* 1913/nmbd > udp 0 0 192.168.0.255:138 > 0.0.0.0:* 1913/nmbd > udp 0 0 192.168.0.15:138 > 0.0.0.0:* 1913/nmbd > udp 0 0 0.0.0.0:138 > 0.0.0.0:* 1913/nmbd > > Also, do I really need to use IPv6 on my LAN?Only if you actually use IPv6 on your network. Rowland
Samba - General mailing list wrote> I would be more worried about the fact you are still using a version of > Samba that went EOL quite some time ago ;-)Thanks for the infos. This is an ARM-based (Marvell Kirkwood Feroceon 88FR131) appliance that is running Debian 7.11. "apt-get update ; apt-get upgrade" provides no more recent release of Samba. Is there a way to force APT to install a more recent release? I prefer using it to manage applications. =============~# cat /etc/apt/sources.list # deb http://ftp.fr.debian.org/debian/ wheezy main deb http://ftp.fr.debian.org/debian/ wheezy main deb-src http://ftp.fr.debian.org/debian/ wheezy main deb http://security.debian.org/ wheezy/updates main deb-src http://security.debian.org/ wheezy/updates main # wheezy-updates, previously known as 'volatile' deb http://ftp.fr.debian.org/debian/ wheezy-updates main deb-src http://ftp.fr.debian.org/debian/ wheezy-updates main ============= -- View this message in context: http://samba.2283325.n4.nabble.com/3-6-6-nmbd-reachable-on-0-0-0-0-Safe-tp4721155p4721159.html Sent from the Samba - General mailing list archive at Nabble.com.