plugout.net

[Lieven]

Hello,
I just want to use this nas for backup of another nas via rsync. I created shares to use with rsync, but I don't want these shares to be visible through SMB (for extra security). Can I disable SMB? (without enabling AFP?) I didn't find this option?
Only in the case I have to restore some files, I would like to enable smb again temporarely.
Thank you.
Best regards,
Lieven

[Jocko]

Hi

Nope this option is not implemented.
Please to note even if you kill manually the process smbd (and not nmbd !), this one will be restarted as soon as you make some changes on user accounts, shares, and other servers like media, cron, ...

It's a basic principle on our firmware, make sure smbd or afp are running
Note: to be able to install a patch you need a samba/afp access on a share fvdw to store there the patches

[Lieven]

Ok i understand. Is there some kind of firewall function present in the install to block the SMB ports?
Or something i could install that doesnt affect performance too much? For example Iptables. Or would you not recommend that?

[Jocko]

To close the samba port used by smbd, you need to use these rules

Code: Select all

iptables -A INPUT -p udp -m udp --dport 139 -j REJECT
iptables -A INPUT -p udp -m udp --dport 445 -j REJECT

To open them again, uses the delete rules

Code: Select all

iptables -D INPUT -p udp -m udp --dport 139 -j REJECT
iptables -D INPUT -p udp -m udp --dport 445 -j REJECT

Attention: Do not close the port 137 and 138 which are used by nmbd. If they are closed, your nas will not be visible on your LAN :whistle

After each rebooting you need to run these commands.

Please to note as long as you do not forward these ports on your router, samba access from WAN is closed. So for me these rules are useless unless you think some hosts on your LAN may be infected...


Note: I moved the topics to ISP1/EDmini forum as it is your platform type

[Lieven]

Thank you for the info.
Only now I found the time to test this.
I ran the commands to block ports 139 and 445 but SMB still works after that? I still see the shared folders on my windows laptop, also after refreshing.

Reason I want to do this is protect this nas from threats in the LAN. I use it solely as a backup device (with rsync) so I don't need, and don't want smb because it't an extra risk. If you have a ransomeware attack, the last thing you want is your backup to be affected too...