
[Samba] Samba4 and 0.0.0.0:137 and 0.0.0.0:138 opened, why ? How do close it ?


CpServiceSPb .

Jan 11, 2015, 9:00:03 AM
I have Samba4 4.1.14 (built from sources) installed at Ubuntu 14.04 LTS x32
and acting as Standalone server at the time.
Here are 3 faces at Ubuntu: lo, lan and wan.
There are lines:
bind interfaces only = yes
interfaces = lo lan0
in smb.conf

But netstat -tulpn shows 0.0.0.0 bound address:
tcp 0 0 192.168.0.254:139 0.0.0.0:* LISTEN smbd
udp 0 0 192.168.0.255:137 0.0.0.0:* nmbd
udp 0 0 192.168.0.254:137 0.0.0.0:* nmbd
*udp 0 0 0.0.0.0:137 0.0.0.0:* nmbd*
udp 0 0 192.168.0.255:138 0.0.0.0:* nmbd
udp 0 0 192.168.0.254:138 0.0.0.0:* nmbd
*udp 0 0 0.0.0.0:138 0.0.0.0:* nmbd*

I don't like *udp 0 0 0.0.0.0:port* at all!

Why is it so ?
How is it possible to close via Samba conf ?

Marc Muehlfeld

Jan 11, 2015, 9:30:02 AM
Hello,

On 11.01.2015 at 14:55, CpServiceSPb . wrote:
> Here are 3 faces at Ubuntu: lo, lan and wan.
> There are lines:
> bind interfaces only = yes
> interfaces = lo lan0
> in smb.conf
>
> But netstat -tulpn shows 0.0.0.0 bound address:
> tcp 0 0 192.168.0.254:139 0.0.0.0:* LISTEN smbd
> udp 0 0 192.168.0.255:137 0.0.0.0:* nmbd
> udp 0 0 192.168.0.254:137 0.0.0.0:* nmbd
> *udp 0 0 0.0.0.0:137 0.0.0.0:* nmbd*
> udp 0 0 192.168.0.255:138 0.0.0.0:* nmbd
> udp 0 0 192.168.0.254:138 0.0.0.0:* nmbd
> *udp 0 0 0.0.0.0:138 0.0.0.0:* nmbd*
>
> I don't like *udp 0 0 0.0.0.0:port* at all!
>
> Why is it so ?


The smb.conf man page answers this question ('bind interfaces only'):

... nmbd also binds to the "all addresses" interface (0.0.0.0) on ports
137 and 138 for the purposes of reading broadcast messages. If this
option is not set then nmbd will service name requests on all of these
sockets. If bind interfaces only is set then nmbd will check the source
address of any packets coming in on the broadcast sockets and discard
any that don't match the broadcast addresses of the interfaces in the
interfaces parameter list. ...




Regards,
Marc
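
The behaviour quoted from the man page above, applied to the addresses in this thread, as an added example (not Samba's code and not part of the original posts). It picks the 0.0.0.0 sockets out of the posted netstat output and models which source addresses would be serviced on them; the function names, the /8 and /24 prefix lengths, the sample source 192.168.0.17 and the reading of "match" as subnet membership are assumptions.

```python
import ipaddress

# Constructed sample: `netstat -tulpn` rows from the thread, one socket per line.
NETSTAT = """\
tcp 0 0 192.168.0.254:139 0.0.0.0:* LISTEN smbd
udp 0 0 192.168.0.255:137 0.0.0.0:* nmbd
udp 0 0 192.168.0.254:137 0.0.0.0:* nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* nmbd
udp 0 0 192.168.0.255:138 0.0.0.0:* nmbd
udp 0 0 192.168.0.254:138 0.0.0.0:* nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* nmbd
"""

# Assumption: the thread gives no prefix lengths; /8 and /24 are inferred
# from 127.0.0.1 and the 192.168.0.255 broadcast address.
INTERFACES = {"lo": "127.0.0.1/8", "lan0": "192.168.0.254/24"}


def wildcard_sockets(netstat_text, program="nmbd"):
    """Return (proto, port) for each socket `program` has bound to 0.0.0.0."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Last column is "nmbd" here; a live netstat prints "PID/nmbd".
        if len(fields) < 6 or fields[-1].split("/")[-1] != program:
            continue
        addr, _, port = fields[3].rpartition(":")
        if addr == "0.0.0.0":
            found.append((fields[0], int(port)))
    return found


def serviced(src_ip, interfaces=INTERFACES, bind_interfaces_only=True):
    """Model the documented filter for datagrams read from a 0.0.0.0 socket.

    Assumption: "match" means the source lies in the subnet of an interface
    listed in `interfaces`. This is a model, not nmbd's source code.
    """
    if not bind_interfaces_only:
        return True  # man page: requests are serviced on all sockets
    src = ipaddress.ip_address(src_ip)
    nets = [ipaddress.ip_interface(c).network for c in interfaces.values()]
    return any(src in net for net in nets)


if __name__ == "__main__":
    print(wildcard_sockets(NETSTAT))
    for source in ("192.168.0.17", "95.95.95.14"):  # first one is constructed
        print(source, "serviced" if serviced(source) else "discarded")
```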

CpServiceSPb .

Jan 11, 2015, 9:50:02 AM
Thanks for this answer.
As I understood, for example if parameter
bind interfaces only = yes is and
interfaces = lan0 (192.168.0.254) is

and if broadcast packet goes from 95.95.95.14 such packet will be dropped
(in other words) ?
Am I right ?

And other thing.
Why is 192.168.0.255 (network broadcast) opened for ?
May be exact such address (network broadcast) is intended for receiving
broadcasts ?
Within exact subnet but 0.0.0.0 is for all subnets ?

And is it possible to set off 0.0.0.0 via smb.conf ?

CpServiceSPb .

Jan 11, 2015, 10:00:02 AM
I have found that 0.0.0.0:port could be "closed" by setting up socket
address = wishing IP addresses,
for example socket address = 127.0.0.1 192.168.0.254

Rowland Penny

Jan 11, 2015, 11:00:02 AM
I am a bit confused here, you have set samba to only listen on the lo
and lan0 interfaces and these have the ipaddresses of 127.0.0.1 &
192.168.0.254. You do not like nmbd listening on 0.0.0.0 so you have
turned it off, you do know that in this context, 0.0.0.0 means listen on
all ip addresses on the machine that samba is set to use. So what you
are really saying is 'I do not like nmbd listening on all this machine's
samba ip-addresses, so I will stop them listening on all these
ip-addresses and only let them listen on 127.0.0.1 & 192.168.0.254,
which are the only ipaddresses that samba will listen on anyway'.

Rowland

CpServiceSPb .

Jan 11, 2015, 1:20:03 PM
Hmmm, I found some at
https://lists.samba.org/archive/samba-technical/2012-July/085752.html
As I saw these patches were already implemented.

But is it possible to receive broadcast not to 0.0.0.0 but to x.y.z.255 ?
This is network broadcast either.

And opened 0.0.0.0 even with checking of source net is quite insecure from
net security point of view.
I think so.

May be is it necessary to add some smb.conf parameter that could allow to
set up x.y.z.255 instead of 0.0.0.0 ?

Rowland Penny

Jan 11, 2015, 1:40:03 PM
On 11/01/15 18:15, CpServiceSPb . wrote:
> Hmmm, I found some at
> https://lists.samba.org/archive/samba-technical/2012-July/085752.html
> As I saw these patches were already implemented.
>
> But is it possible to receive broadcast not to 0.0.0.0 but to x.y.z.255 ?
> This is network broadcast either.
>
> And opened 0.0.0.0 even with checking of source net is quite insecure from
> net security point of view.
> I think so.

I personally think that you think wrong, it is *LISTENING* on 0.0.0.0
with ports 137 & 138 on the ipaddresses 127.0.0.1 and 192.168.0.254, it
doesn't matter whether you turn 0.0.0.0 off in smb.conf, samba will
still listen on the two ipaddresses.

I am willing to bet that you have other programs listening on 0.0.0.0,
what are you going to do, stop them listening on 0.0.0.0 and if you do,
are you going to complain that nothing then works ??

You sound like one of the people in my country that writes health &
safety risk assessments just to cover their behinds.

Rowland

CpServiceSPb .

Jan 12, 2015, 4:50:03 AM
Rowland, as I mentioned firstly, I have 3 faces: lo, lan, wan.
And you are right, 0.0.0.0 are all IPs.
I need only either listen to lo and lan or lan only, but not wan also.
But in my case and because of 0.0.0.0 are all faces, listening 0.0.0.0
doesn't equal lo and lan (127.0.0.1 and 192.168.0.254).
Yes, there is no 95.95.95.14 in netstat list, but 0.0.0.0 should cover and
95.95.95.14 also, or I don't understand it right.

By the way I examined Samba4 4.1.14 again and 'socket address' parameter is
deprecated by now.
And I can not turn it off to listen to 0.0.0.0 correctly.
I made some tests. In fact there are not 0.0.0.0:137 and 0.0.0.0:138 but
either double 192.168.0.254 or 192.168.0.255 is appeared that make Samba4
working quite not good.
The one and only attempt is don't include lo to interfaces parameter but
specify 127.0.0.1 to "socket address". But it needs more checking for me.

> I personally think that you think wrong, it is *LISTENING* on 0.0.0.0
> with ports 137 & 138 on the ipaddresses 127.0.0.1 and 192.168.0.254, it
> doesn't matter whether you turn 0.0.0.0 off in smb.conf, samba will
> still listen on the two ipaddresses.

I suppose that listening on 0.0.0.0 means that listening on ALL interfaces
including wan one.
But I don't extremely need it. You understand it, I think.
I can be wrong.
But how can I check it to be completely sure that for 0.0.0.0 is listening
on 127.0.0.1 and on 192.168.0.254 and not on 95.95.95.14 ?

> I am willing to bet that you have other programs listening on 0.0.0.0,
> what are you going to do, stop them listening on 0.0.0.0 and if you do,
> are you going to complain that nothing then works ??

> You sound like one of the people in my country that writes health &
> safety risk assessments just to cover their behinds.

You lose the bet.
Exactly Samba4 listens on 0.0.0.0:137 and 0.0.0.0:138.
If I stop Samba4, both of these sockets are not opened.
You can check it in your own to start netstat while Samba4 runs and when
stops.
Or you don't have pointed out sockets above opened by Samba4, then, please
send config example and Samba4 version you use.

Unfortunately there are quite many people, and not in my country only, who
don't go deeper to question essence or don't want to understand question
completely before put useless words at their posts which are not
corresponded to a topic/posts.
Please read my posts more carefully and put words which are exactly within
topic only, without off-topic discussion, if you want, of course. Ok ?

Shortly, one more: my final purpose is to close 0.0.0.0 from Samba4 without
restriction its functionality on lan or/and lan interfaces or be completely
sure that it doesn't cover wan IP (interface), of course, when I don't
want it.
Topic is about Samba4 only, not other soft.

CpServiceSPb .

Jan 12, 2015, 6:10:03 AM
P. S.: Sorry for last post wasn't sticked to continuing topic.

Reindl Harald

Jan 12, 2015, 6:20:04 AM

On 12.01.2015 at 12:05, CpServiceSPb . wrote:
> By the way I examined Samba4 4.1.14 again and 'socket address' parameter is
> deprecated by now and I can not turn it off to listen to 0.0.0.0 correctly.

you can

https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#BINDINTERFACESONLY
bind interfaces only (G)
This global parameter allows the Samba admin to limit
what interfaces on a machine will serve SMB requests.
It affects file service smbd(8) and name service nmbd(8)
in a slightly different ways

https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#INTERFACES
interfaces (G)
This option allows you to override the default network
interfaces list that Samba will use for browsing, name
registration and other NetBIOS over TCP/IP (NBT) traffic.
By default Samba will query the kernel for the list of
all active interfaces and use any interfaces except
127.0.0.1 that are broadcast capable
