Samba NT4 PDC Port Usage: Difference between revisions
From SambaWiki
Mmuehlfeld (talk | contribs) m (Change netstat example) |
Mmuehlfeld (talk | contribs) m (Added category) |
||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
= Identifying Listening Ports and Interfaces = |
|||
= Introduction = |
|||
To identify ports and network interfaces your Samba primary domain controller (PDC) is listening on, run: |
|||
If you require to secure your Samba installation with a firewall, you would need information, what ports and protocols are used. This page will give you an overview. |
|||
= Identify on which ports and interfaces Samba is listening = |
|||
You can use "netstat" to identify which ports Samba and related daemons are listening on and on which IPs: |
|||
# netstat -tulpn | egrep "smbd|nmbd|winbind" |
# netstat -tulpn | egrep "smbd|nmbd|winbind" |
||
The following is a snippet of an example output: |
|||
tcp 0 0 127.0.0.1:139 0.0.0.0:* LISTEN 43270/smbd |
tcp 0 0 127.0.0.1:139 0.0.0.0:* LISTEN 43270/smbd |
||
tcp 0 0 10. |
tcp 0 0 10.99.0.1:139 0.0.0.0:* LISTEN 43270/smbd |
||
tcp 0 0 127.0.0.1:445 0.0.0.0:* LISTEN 43270/smbd |
tcp 0 0 127.0.0.1:445 0.0.0.0:* LISTEN 43270/smbd |
||
tcp 0 0 10. |
tcp 0 0 10.99.0.1:445 0.0.0.0:* LISTEN 43270/smbd |
||
... |
|||
The |
The output displays that the services are listening on <code>localhost</code> (<code>127.0.0.1</code>) and the network interface with the IP address <code>10.99.0.1</code>. On both interfaces, the ports <code>139/tcp</code> and <code>445/tcp</code> are opened. For further information on the output, see the <code>netstat (8)</code> manual page. |
||
To bind Samba to specific interfaces, see [[Configure_Samba_to_Bind_to_Specific_Interfaces|Configure Samba to Bind to Specific Interfaces]]. |
|||
= Samba PDC Port Usage = |
|||
= Port usage when Samba runs as an NT4 Primary Domain Controller = |
|||
{| |
{| class="wikitable" |
||
!Service |
!Service |
||
!Port |
!Port |
||
Line 59: | Line 49: | ||
---- |
|||
= Prevent Samba from listening on all interfaces = |
|||
[[Category:NT4 Domains]] |
|||
Sometimes you don't want Samba to listen on all interfaces of your host. For example, when the host is directly connected to the internet, you surely don't want to provide your shares to the rest of the world. If you limit Samba to listen only on the internal NIC(s), you don't need a firewall to prevent access from the outside. |
|||
Add the following to the "[global]" section of your smb.conf to bind Samba to eth0 and loopback: |
|||
bind interfaces only = yes |
|||
interfaces = lo eth0 |
|||
The "interfaces" parameter allows various ways to restrict. See the manpage for more details. |
|||
After the changes, restart Samba. |
Latest revision as of 20:38, 26 February 2017
Identifying Listening Ports and Interfaces
To identify ports and network interfaces your Samba primary domain controller (PDC) is listening on, run:
# netstat -tulpn | egrep "smbd|nmbd|winbind" tcp 0 0 127.0.0.1:139 0.0.0.0:* LISTEN 43270/smbd tcp 0 0 10.99.0.1:139 0.0.0.0:* LISTEN 43270/smbd tcp 0 0 127.0.0.1:445 0.0.0.0:* LISTEN 43270/smbd tcp 0 0 10.99.0.1:445 0.0.0.0:* LISTEN 43270/smbd ...
The output displays that the services are listening on localhost
(127.0.0.1
) and the network interface with the IP address 10.99.0.1
. On both interfaces, the ports 139/tcp
and 445/tcp
are opened. For further information on the output, see the netstat (8)
manual page.
To bind Samba to specific interfaces, see Configure Samba to Bind to Specific Interfaces.
Samba PDC Port Usage
Service | Port | protocol |
---|---|---|
End Point Mapper (DCE/RPC Locator Service) | 135 | tcp |
NetBIOS Name Service | 137 | udp |
NetBIOS Datagram | 138 | udp |
NetBIOS Session | 139 | tcp |
SMB over TCP | 445 | tcp |