If you’re running Samba on a multihomed system (on multiple subnets), you will need to configure Samba to use all the network interfaces. Another use for the options presented in this section is to implement better security by allowing or disallowing connections on the specified interfaces.
Let’s assume that our Samba server can access both the subnets 192.168.220.* and 134.213.233.*. Here are our additions to the configuration file to add the networking configuration options:
[global] # Networking configuration options hosts allow = 192.168.220. 134.213.233. hosts deny = 192.168.220.102 interfaces = 192.168.220.100/255.255.255.0 \ 188.8.131.52/255.255.255.0 bind interfaces only = yes
Take a look at the
deny options. If these
options sound familiar, you’re probably thinking of
hosts.deny files that are found in the
/etc directories of many Unix systems. The
purpose of these options is identical to those files; they provide a
means of security by allowing or denying the connections of other
hosts based on their IP addresses. We could use the
files, but we are using this method instead because there might be
services on the server that we want others to access without also
giving them access to Samba’s disk or printer
allow option, we’ve specified a 192.168.220 IP address, which is equivalent to saying: “All hosts on the 192.168.220 subnet.” However, we’ve ...