Interfaces, I think, are best when one has bound multiple IPs to one NIC, or multiple NICs. The Allow/Deny does the same thing for a single NIC machine (my 2 cents only).

The Firewall is based on exposure of course. A SOHO is more than likely behind a bridge/router to the internet, so exposure is limited to usually 192.168.X.X, or local devices. In this specific case I have several subnets, so blocking everything but what is needed (first rule of security I found) means someone from another subnet cannot port scan and try to compromise this machine (which should basically become a set it and forget it type machine).

T. James

-----Original Message-----
From: Linux [mailto:linux-bounces [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca] On Behalf Of Timothy Brier
Sent: Wednesday, October 02, 2013 10:04 AM
To: linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
Subject: Re: [OCLUG-Tech] Set up a SAMBA server

On 10/2/13 9:11 AM, James, Trevor wrote:
> Here is my best guess document, if anyone has any input, I am always open for suggestions.
>
> http://macnash.telfer.uottawa.ca/~nashjc/visible/Ubuntu%20SAMBA.pdf
>
>
> _______________________________________________
> Linux mailing list
> Linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
> http://oclug.on.ca/mailman/listinfo/linux

Hi,

I know I'm late on this, but here's my two cents.

I like that you block the firewall, too many people leave this open.

Another option is to bind samba to the desired interface. An example in the smb.conf file would be:

    interfaces = 192.168.0.0/24
    bind interfaces only = true

A few other lines I usually add to the smb.conf to allow samba to use symlinks:

    follow symlinks = yes
    wide links = yes
    unix extensions = no

To optimize throughput with Windows I add this:

    max xmit = 65535
    aio read size = 1
    aio write size = 1
    socket options = TCP_NODELAY IPTOS_LOWDELAY SO_SNDBUF=65535 SO_RCVBUF=65535
    read raw = yes
    write raw = yes
    max connections = 65535
    max open files = 65535

- Timothy Brier
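Added example, not part of the original thread or of Samba itself: a small Python audit of the [global] settings discussed above, checking whether the listener is really restricted to the listed subnets and whether symlinks can lead outside a share. The function names, finding ids and sample text are hypothetical or constructed, and it assumes Samba's documented defaults (bind interfaces only = no, wide links = no, unix extensions = yes).

```python
import ipaddress

# Constructed sample built from the [global] settings suggested in the thread.
SAMPLE = """[global]
   interfaces = 192.168.0.0/24
   bind interfaces only = true
   wide links = yes
   unix extensions = no
"""
TRUE = {"yes", "true", "1", "on"}

def global_params(text):
    """Parse [global] into a dict; names lower-cased, runs of spaces collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def audit(text):
    """Return {finding_id: message} for listener binding and symlink scope."""
    p = global_params(text)
    on = lambda name, default: p.get(name, default).lower() in TRUE
    out = {}
    entries = p.get("interfaces", "").split()
    if not entries:
        out["listen-all"] = "no 'interfaces' line: every interface is used"
    if not on("bind interfaces only", "no"):
        out["bind-not-enforced"] = "'interfaces' alone does not limit where smbd listens"
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # an interface name such as eth0, not an address
        if not net.is_private:
            out["public:" + entry] = "listener bound to a non-private network"
    # wide links only takes effect with unix extensions off or the override on
    override = on("allow insecure wide links", "no")
    if on("wide links", "no") and (override or not on("unix extensions", "yes")):
        out["wide-links"] = "symlinks pointing outside the share tree are followed"
    return out

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty result means smbd is bound only to private networks named in the file and symlink following stays inside each share; the firewall rules from the first message remain a separate layer that this does not inspect.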