Different shares on different IPaddresses? - SMB

This is a discussion on Different shares on different IPaddresses? - SMB ; Greetings! My department is starting a project where we will have a few consultants coming on site, and connecting to our network. The consultants will be bringing their own laptops, something that worries me a little. I therefore would like ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Different shares on different IPaddresses?

  1. Different shares on different IPaddresses?

    Greetings!

    My department is starting a project where we will have a few consultants
    coming on site, and connecting to our network. The consultants will be
    bringing their own laptops, something that worries me a little.
    I therefore would like to create a separate segment, with an OpenBSD
    router/firewall between our internal network and the consultants. I will set
    this up as a DHCP Server, caching DNS and such.

    My question, however, is about out Windows 2000 Server:
    The consultants will need to access a few shares on this server. I would
    like to prevent them from seeing and connecting to the shares that are
    unrelated to the project.

    Is it possible to have Windows 2000 Server shares "listen" on specific IP
    addresses? Samba on Linux/Unix can do this, which is why I wonder if Windows
    can, too.
    I could assign an additional IP address to the server, have the shares
    'listen' on that IP, and in the firewall only allow consultants to connect
    to that IP, blocking the "normal" IP for Windows Server, that the
    departments uses, and hosts all the other shares?

    Is this at all possible? Alternate solutions are also gratefully
    appreciated.


    Regards,
    Frank F




  2. Re: Different shares on different IPaddresses?

    "Frank Foss" wrote...
    > My department is starting a project where we will have a few consultants
    > coming on site, and connecting to our network. The consultants will be
    > bringing their own laptops, something that worries me a little.
    > I therefore would like to create a separate segment, with an OpenBSD
    > router/firewall between our internal network and the consultants. I will

    set
    > this up as a DHCP Server, caching DNS and such.
    >
    > My question, however, is about out Windows 2000 Server:
    > The consultants will need to access a few shares on this server. I would
    > like to prevent them from seeing and connecting to the shares that are
    > unrelated to the project.


    Can't really comment on Win2K shares but what about this:
    1. Mount the Win2K shares on the OpenBSD box (smbmount et al)
    2. Create a Samba server on OpenBSD box that only listens on the
    consultant's segment.
    3. Create unique users on OpenBSD box so that there is no oBSD+Samba <=>
    Win2K user mapping.
    4. Share Win2K shares via Samba on oBSD box.

    eg,

    mount -t smbfs \\win2kserver\share1 /mnt/share1 \
    -o username=conartist,password=secret,rw,gid=xxx,umas k=yyy

    Make sure "conartist" doesn't exist locally (just extra security with
    Win2K's cached username/pass login crap). Then share /mnt/share1 using samba
    :-)

    I tested this in the office today and it does work. I had to setup the
    local samba users to all be a member of a specific group and add a couple of
    "gid=xxx,umask=yyy" type things to the mount options and then set up the
    group/share privileges in smb.conf but once this was done, the BSD samba
    users could NOT access the Win2K domain directly (unless they know a valid
    username/password on the domain). But it does isolate the networks AND
    systems which is what I think you are trying to achieve.

    Cheers,

    James



    --
    _______________________________________
    A random quote of nothing:
    Philosophy will clip an angel's wings.
    -- John Keats



+ Reply to Thread