Re: How /etc/hosts.allow /etc/hosts.deny and smb.conf play along

Thu, 26 Apr 2012 04:57:27 -0700 

Hi Tuxoholic,

[...]

> With this smb.conf tweaking it works fine, but why could smbd/nmbd run past 
> /etc/hosts.allow and /etc/hosts.deny without those lines in smb.conf?

Already answered by Juan Sierra Pons.

> To my limited CIDR understandig a /32 mask should restrict access to 
> 192.168.2.0.0 and 192.168.2.1 - this should be fine for testing purposes.

Not sure about that. You can check it with ipcalc (in the ipcalc package):

$ ipcalc 192.168.2.0/32
Address:   192.168.2.0          11000000.10101000.00000010.00000000 
Netmask:   255.255.255.255 = 32 11111111.11111111.11111111.11111111 
Wildcard:  0.0.0.0              00000000.00000000.00000000.00000000 
=>
Hostroute: 192.168.2.0          11000000.10101000.00000010.00000000 
Hosts/Net: 1                     Class C, Private Internet

So it looks like you need a 31 bit netmask for that address range:

$ ipcalc 192.168.2.0/31
Address:   192.168.2.0          11000000.10101000.00000010.0000000 0
Netmask:   255.255.255.254 = 31 11111111.11111111.11111111.1111111 0
Wildcard:  0.0.0.1              00000000.00000000.00000000.0000000 1
=>
Network:   192.168.2.0/31       11000000.10101000.00000010.0000000 0
HostMin:   192.168.2.0          11000000.10101000.00000010.0000000 0
HostMax:   192.168.2.1          11000000.10101000.00000010.0000000 1
Hosts/Net: 2                     Class C, Private Internet, PtP Link RFC 3021


> Once this denies all services I'd set it to /24 to have access to the
> whole "subnet" from 192.168.2.0-192.168.2.255 and 127.0.0.1 127.0.1.1

Well you don't seem to be allowed .0 and .255:

$ ipcalc 192.168.2.0/24
Address:   192.168.2.0          11000000.10101000.00000010. 00000000
Netmask:   255.255.255.0 = 24   11111111.11111111.11111111. 00000000
Wildcard:  0.0.0.255            00000000.00000000.00000000. 11111111
=>
Network:   192.168.2.0/24       11000000.10101000.00000010. 00000000
HostMin:   192.168.2.1          11000000.10101000.00000010. 00000001
HostMax:   192.168.2.254        11000000.10101000.00000010. 11111110
Broadcast: 192.168.2.255        11000000.10101000.00000010. 11111111
Hosts/Net: 254                   Class C, Private Internet


I hope this helps.

-- 
Cheers,
Clive


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20120426113448.GA6767@rimmer.localdomain

Reply via email to