Re: [Qemu-devel] Connecting vde and LAN

[Ross Kendall Axe]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oliver Gerlich wrote:
> Ross Kendall Axe schrieb:
> 
>>>Oliver Gerlich wrote:
>>>
>>>
>>>>>The "problem" is that I start vde_switch and the bridging not at boot,
>>>>>but when I want to run Qemu. So then I have to restart Samba to bind to
>>>>>to br0 instead of eth0. Not so much of a problem though... Only I don't
>>>>>know what other services already rely on eth0 as my network interface :)
>>>
>>>
>>>You've got the 'Bind interfaces only' option turned on in Samba haven't
>>>you? Turn it off and your problem will disappear.
>>>
>>>As to what other programs care about interfaces appearing/disappearing,
>>>run 'netstat -ltup' to see who's listening where. Anything listening on
>>>'*:portnumber' probably doesn't care.
> 
> 
> Thanks for your ideas; but I try to run every service bound to specific
> interfaces (lo and/or eth0), so I don't get into problems when attaching
> eg. a direct internet connection or WLAN.
> 
> 
>>>Ross
> 
> 
> Oliver
> 

I personally tend to rely more on tcpwrappers and a strong firewall for
this kind of access control, and that's not even mentioning the password
protection on everything :-).

However, in the specific case of Samba, you can still do interface based
access control without using the "bind interfaces only" option.  It will
still only accept connections on the interfaces you specify, but the
problem you're having will go away.

This is all strictly IMHO, of course.

Ross


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFC1IQ59bR4xmappRARAic5AJ4sBnDMvqbnM2y+PxoH610WHFgrLgCgnEvM
w4yPf1ElMLyEbUWZXQvDCB8=
=VZmx
-----END PGP SIGNATURE-----