[PLUG] Iptraf on my gateway is showing port 137 and 139 traffic across external interface...

Michael Robinson robinsom at opusnet.com
Tue May 21 21:18:22 UTC 2002



Isn't that Windows networking which shouldn't cross?  The /etc/services
file lists it as netbios-ns and netbios-dg.  Samba is installed on the
machine which probably requires netbios, but I
don't think there is any service loss if Windows networking stops at the
gateway box.  How do I modify my ipchains scripts on this Redhat 6.2
server to stop Windows networking from
extending out onto the Internet through masquerading, output chain, or
however else it's getting out?

Second question, how do I get ip accounting for kernels from
www.kernel.org, it seems to be missing from source trees gathered from
that source.  Is there a patch?

Third question, what can I remove from the default upgraded version of
Apache from Redhat direct for 6.2 if I am only needing it to support
horde webmail imp ?  What security concerns are there with the
upgraded release ?   I wanted to install squirrelmail but couldn't
because that requires upgrading shared libraries and I am uncertain how
to do that let alone back up if it broke
things.

If anyone is familiar with Securing and Optimizing Redhat Linux v1.3
Final Mail_Server_Firewall unmodified how do I modify it to allow the
use of samba on the mail box to allow file shares for network backup
without allowing dangerous access to the internals of that server such
as the mailspool, root filesystem, etc ?  I'd like to be able to create
a mirror image of an OS installation and shove it out to the mail server
for later retrieval...  it would be cool to have an OS generic bootdisk
to do unattended restore from implementing something like RAID except
with the partitions on two different machines on a local network.  I
also want to have separate shares for temporary data backups where one
would burn them to a cd.  Does anyone know a way to burn directly from a
samba exported filesystem under Windows, I tried it ( even slowed the
write speed to 1x under Easy CD Creator ) but access stopped and the
burn failed.  It would be really nice to not have to copy a file locally
to burn it.  My Windows system is 98SE and another person uses a 2000
system as well that also has a burner.  What would be ideal would be a
GPL replacement for Windows 98SE's networking code that implements  the
functionality well enough to fool any standard 98SE box without the
bugs.

Fourth question:  Samba problem, it works great as long as I'm using
Windows...  When I try to access samba fileshares from Linux I have to
mount them as root and all the files belong to root.
This doesn't work when the desire is to use the network filesystem
transparently as an extension of one's drive space.  How do I get a
samba mount under Linux where local workstation user owns the network
mounted directory even if NIS is not used ?  How do I fix samba mounting
so that I don't have to be root ?  If I have to use NIS to synchronize
permissions on files and ownership could someone point me to a good
resource, I have to be careful implementing NFS and NIS on a gateway
machine, these are network protocols that I think samba is supposed to
replace.

Fifth question:  I get a lot of what look like RIP packets from the ISP
opus where the servers they run are NT servers of some kind, aren't
these eating bandwidth and should I have a routing
protocol installed to answer them?  We are bridged static ip DSL
customers set up on the robinson-west.com domain.

Since I'm not subscribed to the plug list because the volume overwhelms
my only Internet visible private email account from Opus please send
response to: robinsom at opusnet.com.
Soon as I fix our Linux mail server and have filtering in place to
combat spam, I'll of course resubscribe to the list.
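
For the first question, a sketch of ipchains rules that keep NetBIOS (ports 137-139, TCP and UDP) off the external interface; this is an added example, not part of the original post. The interface name `eth0` and the `APPLY` switch are assumptions. In the 2.2 ipchains model forwarded (masqueraded) packets also traverse the output chain, so one rule there covers both LAN clients and the gateway's own Samba.

```shell
#!/bin/sh
# Added example (not from the original post).
# EXT_IF is an assumed name for the Internet-facing interface.
EXT_IF="${EXT_IF:-eth0}"

# Print the ipchains commands that deny NetBIOS on one interface.
# Rules are inserted at position 1 so they are evaluated before any
# existing ACCEPT/MASQ rules; -l logs each denied packet to syslog.
netbios_rules() {
    ext_if="$1"
    for proto in tcp udp; do
        # Outbound: local and masqueraded traffic leaving via ext_if.
        echo "ipchains -I output 1 -i $ext_if -p $proto --destination-port 137:139 -j DENY -l"
        # Inbound: NetBIOS probes arriving from the Internet side.
        echo "ipchains -I input 1 -i $ext_if -p $proto --destination-port 137:139 -j DENY -l"
    done
}

# Dry run by default: show the commands. Set APPLY=1 (as root) to run them.
apply_rules() {
    netbios_rules "$1" | while read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd
        else
            echo "$cmd"
        fi
    done
}

apply_rules "$EXT_IF"
```

After applying, `ipchains -L output -n -v` shows packet counters for the new rules, and iptraf on the external interface should no longer show 137-139 traffic.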




