Re: Close ports 137 and 138 samba server?

From: Bryan Shake (bshake_at_vt.edu)
Date: 06/24/04

    Date: Thu, 24 Jun 2004 11:58:03 -0400
    To: Scott Gifford <sgifford@suspectclass.com>, listassec@yahoo.com
    
    
    

    Scott Gifford <sgifford@suspectclass.com> wrote:
    > <listassec@yahoo.com> writes:
    >
    >>And Samba stops listening on the internet interface on port 139, but it
    >>continues listening on ports 137 and 138 on both interfaces. How do I stop
    >>it listening on these ports on the internet interface only?
    >
    >
    > That's nmbd listening on those ports. The manual for smb.conf says:
    >
    > bind interfaces only (G)
    >
    [...]
    > So there isn't a way to turn this off, but if you believe nmbd's
    > documentation, it's doing a bit of filtering on its own, so should be
    > safe.
    >
    > I've looked in the past for a way to turn this off, and have always
    > settled on firewalling. Probably it's possible to modify the source
    > for nmbd to prevent it from listening on 0.0.0.0, but that's always
    > struck me as more trouble than it's worth.
    >
    > Good luck!
    >
    > ---ScottG.
    >

    As you mentioned, Samba consists of two separate daemon processes, which
    most Linux distros tend to start up in daemon mode (although smbd can be
    run through xinetd/inetd).

    Verify this by typing:
    $ ps aux | grep 'nmbd\|smbd' | grep -v grep

    If both nmbd and smbd are listed, then you can kill nmbd by sending its
    process ID a SIGTERM (signal 15).
    (Note: nmbd's purpose is to perform NetBIOS name translation, WINS
    lookups, etc., which I'm assuming you aren't using, although if you do
    need NetBIOS name translation, WINS server/client, or any of the other
    functions nmbd performs, then the "interfaces" and "bind interfaces
    only" options along with iptables filtering would be the way to go.)

    You also need to find the script that starts up Samba for your particular
    distro and comment out or remove the command that starts nmbd. From
    then on only smbd will be listening on port 139 (or additionally port
    445 using "smb ports = 445 139", if you are using Samba v3).

    BTW, if you have any further Samba questions, the samba-users list
    "samba@lists.samba.org" is a great resource.

    -Bryan
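
The check and the firewalling discussed in this thread, as an added example that is not part of the original messages: it reads `netstat -lntu` or `ss -lntu` output, reports Samba ports bound outside an allowed address list, and prints matching iptables DROP rules without applying them. The function names, the address 192.168.1.10 and the interface eth0 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report Samba listeners bound outside
# an allowed address list, from `netstat -lntu` or `ss -lntu` lines on stdin.
SMB_PORTS="137 138 139 445"   # nmbd: 137/138 udp; smbd: 139, 445 tcp

# $1 = space-separated addresses that are acceptable to bind to.
# Prints "port address" for every other listener on an SMB port.
exposed_listeners() {
    awk -v allowed="$1" -v ports="$SMB_PORTS" '
    BEGIN {
        n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1
        n = split(ports, p, " ");   for (i = 1; i <= n; i++) want[p[i]] = 1
    }
    {
        # Local address = first field ending in ":<digits>"; the peer
        # column of a listening socket ends in ":*" and never matches.
        for (f = 1; f <= NF; f++) {
            if ($f ~ /:[0-9]+$/) {
                port = $f; sub(/.*:/, "", port)
                addr = $f; sub(/:[0-9]+$/, "", addr)
                if ((port in want) && !(addr in ok)) print port, addr
                break
            }
        }
    }' | sort -u
}

# Turn that report into iptables DROP rules (printed, never applied).
# $1 = external interface name, an assumption for this example.
drop_rules() {
    awk -v ifc="$1" '!seen[$1]++ {
        proto = ($1 == 137 || $1 == 138) ? "udp" : "tcp"
        printf "iptables -A INPUT -i %s -p %s --dport %s -j DROP\n", ifc, proto, $1
    }'
}

# Constructed sample: smbd bound to the internal address only, nmbd still
# holding wildcard sockets on 137/138 as described in the thread.
sample_listeners() {
cat <<'EOF'
udp   0  0 0.0.0.0:137        0.0.0.0:*
udp   0  0 192.168.1.10:137   0.0.0.0:*
udp   0  0 0.0.0.0:138        0.0.0.0:*
udp   0  0 192.168.1.10:138   0.0.0.0:*
tcp   0  0 192.168.1.10:139   0.0.0.0:*   LISTEN
tcp   0  0 0.0.0.0:22         0.0.0.0:*   LISTEN
EOF
}

sample_listeners | exposed_listeners "192.168.1.10 127.0.0.1" | drop_rules eth0
```

On a live host, pipe the real listener listing into `exposed_listeners` in place of `sample_listeners` and review the printed rules before adding them to the firewall.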

    
    


