[nycbug-talk] Apache, ftp, samba, etc....

Mikel King mikel.king
Tue Sep 27 09:18:05 EDT 2005

On Sep 26, 2005, at 9:36 PM, Erik Phillips wrote:

> Quoting Mikel King <mikel.king at ocsny.com>:
>> Quoting Erik Phillips <ephillips at loftmail.com>:
>>> Perhaps someone can help on this project.  I'm trying to  
>>> intergrate a
>>> web, ftp, and smb server (all on the same box) into our local  
>>> network,
>>> basically the box will be functioning as an internal multi network
>>> service server (mouthful!!!!)
>>> Anyway, here are my questions:
>>> 1. Is there anyway to accomplish this using apache (web server),
>>> pure-ftp (ftp/sftp server), and samba (smb service)?
>>> 2. How difficult will it be to secure these services?
>>> 3. Lastly, would a jail be an option for the smb service?
>>> I'm going through all my the reference materials (absolute bsd, bsd
>>> hacks, using samba, the handbook, etc.....) trying to piece together
>>> the right combination.  Before I continue any further, is this setup
>>> even possible?
>>> OS=FreeBSD 5.4 box=p4 1.6 with 1.5 gig of memory.
>>> Thanks in advanced,
>>> -Erik-
>>> --
>>> http://www.loftmail.com
>> Is the box in question behind a good firewall? If so then install  
>> the latest and
>> greatest versions follow the docs and you'll be fine. If the  
>> apache services
>> need to be accessible from the open internet then publish them  
>> through your
>> firewall. Same goes for ftp. You should be operational in no time.

> Yes sir George, YUCK!!!!  However, this solution is a replacement  
> for an IIS server that crashed.  Care to say yuck one more  
> time? ;-)  For now, all services are internal through 1 nic.  If  
> the web/ftp services will need external access, a 2nd nic would be  
> installed and samba would be configured to listen only on the  
> internal interface.  And, yes Mikel the box is behind a dedicated  
> firewall.
> erik
> --
> http://www.loftmail.com

Multihomed? If both NIC's will attach to the same LAN save yourself  
the headache and +alias the other address. As for the smb services,  
make sure that you add the rule to your smb.conf that allows only  
local subnet access. You can do this with swat if you prefer, just  
remeber to turn it off again once you are done. 

More information about the talk mailing list