Loading ...
Sorry, an error occurred while loading the content.

Some simple questions

Expand Messages
  • ladeeda168
    I ve been scouring the Wiki and this group for an answer, but don t seem to be able to find what I need. I think these are very, very basic questions: 1) How
    Message 1 of 11 , May 13, 2005
    • 0 Attachment
      I've been scouring the Wiki and this group for an answer, but don't
      seem to be able to find what I need. I think these are very, very
      basic questions:

      1) How is the drive that is attached to the NSLU2 viewed from in-
      network computers? Is it in "My Network Places?" I've tried looking
      at the manual, but this simple question doesn't seem to be answered?

      2) How do people OUT of my network view files? Is there a way to do
      this without starting up an ftp client? Like a webpage based
      interface? Or something else? I would like to eliminate the FTP
      component and just have someone type in my domain (which would then be
      run off DynDNS)...

      Thanks!
    • jncharli - tele2
      Hello, 1) You should have assigned an Netbios Name to your NSLU2. All the shares you created will appear in « My Network place » with the name of the
      Message 2 of 11 , May 15, 2005
      • 0 Attachment
        Hello,



        1) You should have assigned an Netbios Name to your NSLU2.

        All the shares you created will appear in « My Network place » with the name
        of the NSLU2, and the name of the share.

        Note that if even if you haven’t created any share, there should be 2 lines
        by default :

        - admin1 on <NSLU2_Name_you_assigned> \\<NSLU2_Name_you_assigned>\admin
        1

        - disk 1 on <NSLU2_Name_you_assigned>
        \\<NSLU2_Name_you_assigned>\disk 1





        2) Be careful that allowing the outside world to connect to your NSLU2
        means that everybody connected to Internet is able to try and hack your
        files. This is a significant security concern that should be raised.



        To be able to share a ressource from outside your network (you LAN = Local
        Area Network), you must enable the ‘sharing protocol’ (aka Netbios) to cross
        your equipments (mainly your router).



        There are 3 steps to perform



        Step 0 : Check if your ISP doesn’t block the Netbios ports



        Sometimes (more and more often), the ISP blocks the Netbios ports for
        security reasons.

        You should check in the FAQ if your ISP blocks the Netbios ports. If it the
        case (like for mine), there is no real solution, other than changing your
        ISP.



        Step 1 : Allow the Netbios trafic to cross your router/firewall



        Currently, most of the router embedd a firewall. You then must tell your
        firewall embedded in the router you want to enable Netbios in both direction
        :

        TCP 137

        UDP 138

        TCP 139

        (sorry, there are maybe others, but here are the ports found in books).



        Step 2 : Tell your router what equipment (IP adress) will be the target of
        incoming Netbios trafic



        You must configure your router to set the NSLU2 to be the destination of all
        incoming Netbios requests.

        There is a common mode called ‘DMZ mode’ that can be used. In this mode, all
        incoming requests (Netbios or not) are sent to a single IP adress. This mode
        should be used for tests purposes.





        Hope it can help





        Greetings





        _____

        De : nslu2-general@yahoogroups.com [mailto:nslu2-general@yahoogroups.com] De
        la part de ladeeda168
        Envoyé : samedi 14 mai 2005 08:39
        À : nslu2-general@yahoogroups.com
        Objet : [nslu2-general] Some simple questions



        I've been scouring the Wiki and this group for an answer, but don't
        seem to be able to find what I need. I think these are very, very
        basic questions:

        1) How is the drive that is attached to the NSLU2 viewed from in-
        network computers? Is it in "My Network Places?" I've tried looking
        at the manual, but this simple question doesn't seem to be answered?

        2) How do people OUT of my network view files? Is there a way to do
        this without starting up an ftp client? Like a webpage based
        interface? Or something else? I would like to eliminate the FTP
        component and just have someone type in my domain (which would then be
        run off DynDNS)...

        Thanks!







        _____

        Yahoo! Groups Links

        * To visit your group on the web, go to:
        http://groups.yahoo.com/group/nslu2-general/

        * To unsubscribe from this group, send an email to:
        nslu2-general-unsubscribe@yahoogroups.com
        <mailto:nslu2-general-unsubscribe@yahoogroups.com?subject=Unsubscribe>

        * Your use of Yahoo! Groups is subject to the Yahoo!
        <http://docs.yahoo.com/info/terms/> Terms of Service.



        [Non-text portions of this message have been removed]
      • ladeeda168
        Thanks for your help. I am concerned about #2 (sharing with people outside my network)...What about all the people who run web servers off their NSLU2? How do
        Message 3 of 11 , May 15, 2005
        • 0 Attachment
          Thanks for your help.

          I am concerned about #2 (sharing with people outside my
          network)...What about all the people who run web servers off their
          NSLU2? How do they keep from "being hacked?"

          All I wanna do is share photos and maybe a few other files with
          family and friends...and I don't want to do it so they have to do it
          through an FTP client.

          --- In nslu2-general@yahoogroups.com, "jncharli - tele2"
          <jncharli@t...> wrote:
          > Hello,
          >
          >
          >
          > 1) You should have assigned an Netbios Name to your NSLU2.
          >
          > All the shares you created will appear in « My Network place »
          with the name
          > of the NSLU2, and the name of the share.
          >
          > Note that if even if you haven't created any share, there should
          be 2 lines
          > by default :
          >
          > - admin1 on <NSLU2_Name_you_assigned>
          \\<NSLU2_Name_you_assigned>\admin
          > 1
          >
          > - disk 1 on <NSLU2_Name_you_assigned>
          > \\<NSLU2_Name_you_assigned>\disk 1
          >
          >
          >
          >
          >
          > 2) Be careful that allowing the outside world to connect to
          your NSLU2
          > means that everybody connected to Internet is able to try and hack
          your
          > files. This is a significant security concern that should be
          raised.
          >
          >
          >
          > To be able to share a ressource from outside your network (you LAN
          = Local
          > Area Network), you must enable the `sharing protocol' (aka
          Netbios) to cross
          > your equipments (mainly your router).
          >
          >
          >
          > There are 3 steps to perform
          >
          >
          >
          > Step 0 : Check if your ISP doesn't block the Netbios ports
          >
          >
          >
          > Sometimes (more and more often), the ISP blocks the Netbios ports
          for
          > security reasons.
          >
          > You should check in the FAQ if your ISP blocks the Netbios ports.
          If it the
          > case (like for mine), there is no real solution, other than
          changing your
          > ISP.
          >
          >
          >
          > Step 1 : Allow the Netbios trafic to cross your router/firewall
          >
          >
          >
          > Currently, most of the router embedd a firewall. You then must
          tell your
          > firewall embedded in the router you want to enable Netbios in both
          direction
          > :
          >
          > TCP 137
          >
          > UDP 138
          >
          > TCP 139
          >
          > (sorry, there are maybe others, but here are the ports found in
          books).
          >
          >
          >
          > Step 2 : Tell your router what equipment (IP adress) will be the
          target of
          > incoming Netbios trafic
          >
          >
          >
          > You must configure your router to set the NSLU2 to be the
          destination of all
          > incoming Netbios requests.
          >
          > There is a common mode called `DMZ mode' that can be used. In this
          mode, all
          > incoming requests (Netbios or not) are sent to a single IP adress.
          This mode
          > should be used for tests purposes.
          >
          >
          >
          >
          >
          > Hope it can help
          >
          >
          >
          >
          >
          > Greetings
          >
          >
          >
          >
          >
          > _____
          >
          > De : nslu2-general@yahoogroups.com [mailto:nslu2-
          general@yahoogroups.com] De
          > la part de ladeeda168
          > Envoyé : samedi 14 mai 2005 08:39
          > À : nslu2-general@yahoogroups.com
          > Objet : [nslu2-general] Some simple questions
          >
          >
          >
          > I've been scouring the Wiki and this group for an answer, but
          don't
          > seem to be able to find what I need. I think these are very, very
          > basic questions:
          >
          > 1) How is the drive that is attached to the NSLU2 viewed from in-
          > network computers? Is it in "My Network Places?" I've tried
          looking
          > at the manual, but this simple question doesn't seem to be
          answered?
          >
          > 2) How do people OUT of my network view files? Is there a way to
          do
          > this without starting up an ftp client? Like a webpage based
          > interface? Or something else? I would like to eliminate the FTP
          > component and just have someone type in my domain (which would
          then be
          > run off DynDNS)...
          >
          > Thanks!
          >
          >
          >
          >
          >
          >
          >
          > _____
          >
          > Yahoo! Groups Links
          >
          > * To visit your group on the web, go to:
          > http://groups.yahoo.com/group/nslu2-general/
          >
          > * To unsubscribe from this group, send an email to:
          > nslu2-general-unsubscribe@yahoogroups.com
          > <mailto:nslu2-general-unsubscribe@yahoogroups.com?
          subject=Unsubscribe>
          >
          > * Your use of Yahoo! Groups is subject to the Yahoo!
          > <http://docs.yahoo.com/info/terms/> Terms of Service.
          >
          >
          >
          > [Non-text portions of this message have been removed]
        • jncharli - tele2
          Hello, It is generally considered very unsafe to let your Netbios ports open to the whole Internet. This is because some hackers could exploit some Windows
          Message 4 of 11 , May 15, 2005
          • 0 Attachment
            Hello,



            It is generally considered very unsafe to let your Netbios ports open to the
            whole Internet.

            This is because some hackers could exploit some Windows vulnerabilities
            using those ports.



            However, I tend to think you can open the Netbios ports of your NSLU2 to
            Internet, because the Operating System embedded in the NSLU2 is not Windows.

            As it is running Linux, even if the Netbios ports are open, the Windows
            vulnerabilities couldn’t be exploited.



            However, some Linux vulnerabilities could be exploited.

            It would mean that you are faced with a very clever hacker (wich is rare),
            who guessed that the box that uses the Netbios ports is not a Windows box,
            who guessed it is a Linux box, and who found a Linux vulnerability to
            exploit.



            Just to conclude, in my mind, you can open your NSLU2 on Internet (I first
            envisaged to do this, but my ISP block the Netbios ports).

            However, you should take some precautions if you do so :

            - patch all your Windows computers on the LAN with Windows Update

            - set a Firewall on each computer of your LAN (even the Firewall
            from Windows SP2)

            - set an Antivirus on each computer of your LAN

            - some routers allow you to restrict the access to Internet upon a
            time slot (Netgear and Linksys do), or a range of IP adress. Even if it’s
            hard to maintain, you should consider such a restriction.



            Hope it can help





            _____

            De : nslu2-general@yahoogroups.com [mailto:nslu2-general@yahoogroups.com] De
            la part de ladeeda168
            Envoyé : dimanche 15 mai 2005 23:35
            À : nslu2-general@yahoogroups.com
            Objet : [nslu2-general] Re: Some simple questions



            Thanks for your help.

            I am concerned about #2 (sharing with people outside my
            network)...What about all the people who run web servers off their
            NSLU2? How do they keep from "being hacked?"

            All I wanna do is share photos and maybe a few other files with
            family and friends...and I don't want to do it so they have to do it
            through an FTP client.

            --- In nslu2-general@yahoogroups.com, "jncharli - tele2"
            <jncharli@t...> wrote:
            > Hello,
            >
            >
            >
            > 1) You should have assigned an Netbios Name to your NSLU2.
            >
            > All the shares you created will appear in « My Network place »
            with the name
            > of the NSLU2, and the name of the share.
            >
            > Note that if even if you haven't created any share, there should
            be 2 lines
            > by default :
            >
            > - admin1 on <NSLU2_Name_you_assigned>
            \\<NSLU2_Name_you_assigned>\admin
            > 1
            >
            > - disk 1 on <NSLU2_Name_you_assigned>
            > \\<NSLU2_Name_you_assigned>\disk 1
            >
            >
            >
            >
            >
            > 2) Be careful that allowing the outside world to connect to
            your NSLU2
            > means that everybody connected to Internet is able to try and hack
            your
            > files. This is a significant security concern that should be
            raised.
            >
            >
            >
            > To be able to share a ressource from outside your network (you LAN
            = Local
            > Area Network), you must enable the `sharing protocol' (aka
            Netbios) to cross
            > your equipments (mainly your router).
            >
            >
            >
            > There are 3 steps to perform
            >
            >
            >
            > Step 0 : Check if your ISP doesn't block the Netbios ports
            >
            >
            >
            > Sometimes (more and more often), the ISP blocks the Netbios ports
            for
            > security reasons.
            >
            > You should check in the FAQ if your ISP blocks the Netbios ports.
            If it the
            > case (like for mine), there is no real solution, other than
            changing your
            > ISP.
            >
            >
            >
            > Step 1 : Allow the Netbios trafic to cross your router/firewall
            >
            >
            >
            > Currently, most of the router embedd a firewall. You then must
            tell your
            > firewall embedded in the router you want to enable Netbios in both
            direction
            > :
            >
            > TCP 137
            >
            > UDP 138
            >
            > TCP 139
            >
            > (sorry, there are maybe others, but here are the ports found in
            books).
            >
            >
            >
            > Step 2 : Tell your router what equipment (IP adress) will be the
            target of
            > incoming Netbios trafic
            >
            >
            >
            > You must configure your router to set the NSLU2 to be the
            destination of all
            > incoming Netbios requests.
            >
            > There is a common mode called `DMZ mode' that can be used. In this
            mode, all
            > incoming requests (Netbios or not) are sent to a single IP adress.
            This mode
            > should be used for tests purposes.
            >
            >
            >
            >
            >
            > Hope it can help
            >
            >
            >
            >
            >
            > Greetings
            >
            >
            >
            >
            >
            > _____
            >
            > De : nslu2-general@yahoogroups.com [mailto:nslu2-
            general@yahoogroups.com] De
            > la part de ladeeda168
            > Envoyé : samedi 14 mai 2005 08:39
            > À : nslu2-general@yahoogroups.com
            > Objet : [nslu2-general] Some simple questions
            >
            >
            >
            > I've been scouring the Wiki and this group for an answer, but
            don't
            > seem to be able to find what I need. I think these are very, very
            > basic questions:
            >
            > 1) How is the drive that is attached to the NSLU2 viewed from in-
            > network computers? Is it in "My Network Places?" I've tried
            looking
            > at the manual, but this simple question doesn't seem to be
            answered?
            >
            > 2) How do people OUT of my network view files? Is there a way to
            do
            > this without starting up an ftp client? Like a webpage based
            > interface? Or something else? I would like to eliminate the FTP
            > component and just have someone type in my domain (which would
            then be
            > run off DynDNS)...
            >
            > Thanks!
            >
            >
            >
            >
            >
            >
            >
            > _____
            >
            > Yahoo! Groups Links
            >
            > * To visit your group on the web, go to:
            > http://groups.yahoo.com/group/nslu2-general/
            >
            > * To unsubscribe from this group, send an email to:
            > nslu2-general-unsubscribe@yahoogroups.com
            > <mailto:nslu2-general-unsubscribe@yahoogroups.com?
            subject=Unsubscribe>
            >
            > * Your use of Yahoo! Groups is subject to the Yahoo!
            > <http://docs.yahoo.com/info/terms/> Terms of Service.
            >
            >
            >
            > [Non-text portions of this message have been removed]





            _____

            Yahoo! Groups Links

            * To visit your group on the web, go to:
            http://groups.yahoo.com/group/nslu2-general/

            * To unsubscribe from this group, send an email to:
            nslu2-general-unsubscribe@yahoogroups.com
            <mailto:nslu2-general-unsubscribe@yahoogroups.com?subject=Unsubscribe>

            * Your use of Yahoo! Groups is subject to the Yahoo!
            <http://docs.yahoo.com/info/terms/> Terms of Service.



            [Non-text portions of this message have been removed]
          • Computer Guy
            The NSLU2 has a web server enabled by default; this is the way you access the admin interface. If you used DynDNS, you could point port 80 to your NSLU2 and
            Message 5 of 11 , May 15, 2005
            • 0 Attachment
              The NSLU2 has a web server enabled by default; this is the way you access
              the admin interface. If you used DynDNS, you could point port 80 to your
              NSLU2 and people would be able to access the device through the same web
              interface.

              As for security; that should be your primary concern... If you allow
              everybody to have access through the web interface, as was stated earlier,
              you are opening up a hole that hackers will attempt to gain access through.
              While it may not be the easiest of solutions, it would still be better to
              set up a separate web/ftp server and host the files through there. That
              way, you have 2 layers of security - 1 from the NSLU2 and 1 from your
              separate server. Just my $.02.

              Matt B.

              -----Original Message-----
              From: nslu2-general@yahoogroups.com [mailto:nslu2-general@yahoogroups.com]
              On Behalf Of ladeeda168
              Sent: Sunday, May 15, 2005 11:35 PM
              To: nslu2-general@yahoogroups.com
              Subject: [nslu2-general] Re: Some simple questions

              Thanks for your help.

              I am concerned about #2 (sharing with people outside my network)...What
              about all the people who run web servers off their NSLU2? How do they keep
              from "being hacked?"

              All I wanna do is share photos and maybe a few other files with family and
              friends...and I don't want to do it so they have to do it through an FTP
              client.

              --- In nslu2-general@yahoogroups.com, "jncharli - tele2"
              <jncharli@t...> wrote:
              > Hello,
              >
              >
              >
              > 1) You should have assigned an Netbios Name to your NSLU2.
              >
              > All the shares you created will appear in « My Network place »
              with the name
              > of the NSLU2, and the name of the share.
              >
              > Note that if even if you haven't created any share, there should
              be 2 lines
              > by default :
              >
              > - admin1 on <NSLU2_Name_you_assigned>
              \\<NSLU2_Name_you_assigned>\admin
              > 1
              >
              > - disk 1 on <NSLU2_Name_you_assigned>
              > \\<NSLU2_Name_you_assigned>\disk 1
              >
              >
              >
              >
              >
              > 2) Be careful that allowing the outside world to connect to
              your NSLU2
              > means that everybody connected to Internet is able to try and hack
              your
              > files. This is a significant security concern that should be
              raised.
              >
              >
              >
              > To be able to share a ressource from outside your network (you LAN
              = Local
              > Area Network), you must enable the `sharing protocol' (aka
              Netbios) to cross
              > your equipments (mainly your router).
              >
              >
              >
              > There are 3 steps to perform
              >
              >
              >
              > Step 0 : Check if your ISP doesn't block the Netbios ports
              >
              >
              >
              > Sometimes (more and more often), the ISP blocks the Netbios ports
              for
              > security reasons.
              >
              > You should check in the FAQ if your ISP blocks the Netbios ports.
              If it the
              > case (like for mine), there is no real solution, other than
              changing your
              > ISP.
              >
              >
              >
              > Step 1 : Allow the Netbios trafic to cross your router/firewall
              >
              >
              >
              > Currently, most of the router embedd a firewall. You then must
              tell your
              > firewall embedded in the router you want to enable Netbios in both
              direction
              > :
              >
              > TCP 137
              >
              > UDP 138
              >
              > TCP 139
              >
              > (sorry, there are maybe others, but here are the ports found in
              books).
              >
              >
              >
              > Step 2 : Tell your router what equipment (IP adress) will be the
              target of
              > incoming Netbios trafic
              >
              >
              >
              > You must configure your router to set the NSLU2 to be the
              destination of all
              > incoming Netbios requests.
              >
              > There is a common mode called `DMZ mode' that can be used. In this
              mode, all
              > incoming requests (Netbios or not) are sent to a single IP adress.
              This mode
              > should be used for tests purposes.
              >
              >
              >
              >
              >
              > Hope it can help
              >
              >
              >
              >
              >
              > Greetings
              >
              >
              >
              >
              >
              > _____
              >
              > De : nslu2-general@yahoogroups.com [mailto:nslu2-
              general@yahoogroups.com] De
              > la part de ladeeda168
              > Envoyé : samedi 14 mai 2005 08:39
              > À : nslu2-general@yahoogroups.com
              > Objet : [nslu2-general] Some simple questions
              >
              >
              >
              > I've been scouring the Wiki and this group for an answer, but
              don't
              > seem to be able to find what I need. I think these are very, very
              > basic questions:
              >
              > 1) How is the drive that is attached to the NSLU2 viewed from in-
              > network computers? Is it in "My Network Places?" I've tried
              looking
              > at the manual, but this simple question doesn't seem to be
              answered?
              >
              > 2) How do people OUT of my network view files? Is there a way to
              do
              > this without starting up an ftp client? Like a webpage based
              > interface? Or something else? I would like to eliminate the FTP
              > component and just have someone type in my domain (which would
              then be
              > run off DynDNS)...
              >
              > Thanks!
              >
              >
              >
              >
              >
              >
              >
              > _____
              >
              > Yahoo! Groups Links
              >
              > * To visit your group on the web, go to:
              > http://groups.yahoo.com/group/nslu2-general/
              >
              > * To unsubscribe from this group, send an email to:
              > nslu2-general-unsubscribe@yahoogroups.com
              > <mailto:nslu2-general-unsubscribe@yahoogroups.com?
              subject=Unsubscribe>
              >
              > * Your use of Yahoo! Groups is subject to the Yahoo!
              > <http://docs.yahoo.com/info/terms/> Terms of Service.
              >
              >
              >
              > [Non-text portions of this message have been removed]





              Yahoo! Groups Links
            • ladeeda168
              I understand what you re saying about security, but if I have a separate server, wouldn t that defeat the purpose of the NSLU2? Couldn t I just set up shared
              Message 6 of 11 , May 15, 2005
              • 0 Attachment
                I understand what you're saying about security, but if I have a
                separate server, wouldn't that defeat the purpose of the NSLU2?
                Couldn't I just set up shared files on the same web/ftp server? Or
                am I misreading what you recommended?

                Thanks!



                --- In nslu2-general@yahoogroups.com, "Computer Guy"
                <computerguy@t...> wrote:
                > The NSLU2 has a web server enabled by default; this is the way you
                access
                > the admin interface. If you used DynDNS, you could point port 80
                to your
                > NSLU2 and people would be able to access the device through the
                same web
                > interface.
                >
                > As for security; that should be your primary concern... If you
                allow
                > everybody to have access through the web interface, as was stated
                earlier,
                > you are opening up a hole that hackers will attempt to gain access
                through.
                > While it may not be the easiest of solutions, it would still be
                better to
                > set up a separate web/ftp server and host the files through
                there. That
                > way, you have 2 layers of security - 1 from the NSLU2 and 1 from
                your
                > separate server. Just my $.02.
                >
                > Matt B.
                >
                > -----Original Message-----
                > From: nslu2-general@yahoogroups.com [mailto:nslu2-
                general@yahoogroups.com]
                > On Behalf Of ladeeda168
                > Sent: Sunday, May 15, 2005 11:35 PM
                > To: nslu2-general@yahoogroups.com
                > Subject: [nslu2-general] Re: Some simple questions
                >
                > Thanks for your help.
                >
                > I am concerned about #2 (sharing with people outside my
                network)...What
                > about all the people who run web servers off their NSLU2? How do
                they keep
                > from "being hacked?"
                >
                > All I wanna do is share photos and maybe a few other files with
                family and
                > friends...and I don't want to do it so they have to do it through
                an FTP
                > client.
                >
                > --- In nslu2-general@yahoogroups.com, "jncharli - tele2"
                > <jncharli@t...> wrote:
                > > Hello,
                > >
                > >
                > >
                > > 1) You should have assigned an Netbios Name to your NSLU2.
                > >
                > > All the shares you created will appear in « My Network place »
                > with the name
                > > of the NSLU2, and the name of the share.
                > >
                > > Note that if even if you haven't created any share, there should
                > be 2 lines
                > > by default :
                > >
                > > - admin1 on <NSLU2_Name_you_assigned>
                > \\<NSLU2_Name_you_assigned>\admin
                > > 1
                > >
                > > - disk 1 on <NSLU2_Name_you_assigned>
                > > \\<NSLU2_Name_you_assigned>\disk 1
                > >
                > >
                > >
                > >
                > >
                > > 2) Be careful that allowing the outside world to connect
                to
                > your NSLU2
                > > means that everybody connected to Internet is able to try and
                hack
                > your
                > > files. This is a significant security concern that should be
                > raised.
                > >
                > >
                > >
                > > To be able to share a ressource from outside your network (you
                LAN
                > = Local
                > > Area Network), you must enable the `sharing protocol' (aka
                > Netbios) to cross
                > > your equipments (mainly your router).
                > >
                > >
                > >
                > > There are 3 steps to perform
                > >
                > >
                > >
                > > Step 0 : Check if your ISP doesn't block the Netbios ports
                > >
                > >
                > >
                > > Sometimes (more and more often), the ISP blocks the Netbios ports
                > for
                > > security reasons.
                > >
                > > You should check in the FAQ if your ISP blocks the Netbios
                ports.
                > If it the
                > > case (like for mine), there is no real solution, other than
                > changing your
                > > ISP.
                > >
                > >
                > >
                > > Step 1 : Allow the Netbios trafic to cross your router/firewall
                > >
                > >
                > >
                > > Currently, most of the router embedd a firewall. You then must
                > tell your
                > > firewall embedded in the router you want to enable Netbios in
                both
                > direction
                > > :
                > >
                > > TCP 137
                > >
                > > UDP 138
                > >
                > > TCP 139
                > >
                > > (sorry, there are maybe others, but here are the ports found in
                > books).
                > >
                > >
                > >
                > > Step 2 : Tell your router what equipment (IP adress) will be the
                > target of
                > > incoming Netbios trafic
                > >
                > >
                > >
                > > You must configure your router to set the NSLU2 to be the
                > destination of all
                > > incoming Netbios requests.
                > >
                > > There is a common mode called `DMZ mode' that can be used. In
                this
                > mode, all
                > > incoming requests (Netbios or not) are sent to a single IP
                adress.
                > This mode
                > > should be used for tests purposes.
                > >
                > >
                > >
                > >
                > >
                > > Hope it can help
                > >
                > >
                > >
                > >
                > >
                > > Greetings
                > >
                > >
                > >
                > >
                > >
                > > _____
                > >
                > > De : nslu2-general@yahoogroups.com [mailto:nslu2-
                > general@yahoogroups.com] De
                > > la part de ladeeda168
                > > Envoyé : samedi 14 mai 2005 08:39
                > > À : nslu2-general@yahoogroups.com
                > > Objet : [nslu2-general] Some simple questions
                > >
                > >
                > >
                > > I've been scouring the Wiki and this group for an answer, but
                > don't
                > > seem to be able to find what I need. I think these are very,
                very
                > > basic questions:
                > >
                > > 1) How is the drive that is attached to the NSLU2 viewed from in-

                > > network computers? Is it in "My Network Places?" I've tried
                > looking
                > > at the manual, but this simple question doesn't seem to be
                > answered?
                > >
                > > 2) How do people OUT of my network view files? Is there a way to
                > do
                > > this without starting up an ftp client? Like a webpage based
                > > interface? Or something else? I would like to eliminate the
                FTP
                > > component and just have someone type in my domain (which would
                > then be
                > > run off DynDNS)...
                > >
                > > Thanks!
                > >
                > >
                > >
                > >
                > >
                > >
                > >
                > > _____
                > >
                > > Yahoo! Groups Links
                > >
                > > * To visit your group on the web, go to:
                > > http://groups.yahoo.com/group/nslu2-general/
                > >
                > > * To unsubscribe from this group, send an email to:
                > > nslu2-general-unsubscribe@yahoogroups.com
                > > <mailto:nslu2-general-unsubscribe@yahoogroups.com?
                > subject=Unsubscribe>
                > >
                > > * Your use of Yahoo! Groups is subject to the Yahoo!
                > > <http://docs.yahoo.com/info/terms/> Terms of Service.
                > >
                > >
                > >
                > > [Non-text portions of this message have been removed]
                >
                >
                >
                >
                >
                > Yahoo! Groups Links
              • Computer Guy
                Not necessarily; as a stock unit, the NSLU2 does not have ftp capability (that I know of). The only way to access the actual shares is either through the web
                Message 7 of 11 , May 16, 2005
                • 0 Attachment
                  Not necessarily; as a stock unit, the NSLU2 does not have ftp capability
                  (that I know of). The only way to access the actual shares is either
                  through the web interface (same interface used for administration) or
                  through NetBios. I personally wouldn't want people from outside my internal
                  network to have access to the standard NSLU2 web interface. There are too
                  many questions of security there. It is all a matter of acceptable risk;
                  for me, it is not acceptable as I have files on my NSLU2 that I don't want
                  accessible to anybody but me. If I didn't, I probably wouldn't worry as
                  much about it. However, if you offer the standard web interface to be the
                  main external access point, folks are one step closer to hacking into the
                  NSLU2 and destroying/manipulating your data.

                  -----Original Message-----
                  From: nslu2-general@yahoogroups.com [mailto:nslu2-general@yahoogroups.com]
                  On Behalf Of ladeeda168
                  Sent: Monday, May 16, 2005 8:08 AM
                  To: nslu2-general@yahoogroups.com
                  Subject: [nslu2-general] Re: Some simple questions

                  I understand what you're saying about security, but if I have a separate
                  server, wouldn't that defeat the purpose of the NSLU2?
                  Couldn't I just set up shared files on the same web/ftp server? Or am I
                  misreading what you recommended?

                  Thanks!



                  --- In nslu2-general@yahoogroups.com, "Computer Guy"
                  <computerguy@t...> wrote:
                  > The NSLU2 has a web server enabled by default; this is the way you
                  access
                  > the admin interface. If you used DynDNS, you could point port 80
                  to your
                  > NSLU2 and people would be able to access the device through the
                  same web
                  > interface.
                  >
                  > As for security; that should be your primary concern... If you
                  allow
                  > everybody to have access through the web interface, as was stated
                  earlier,
                  > you are opening up a hole that hackers will attempt to gain access
                  through.
                  > While it may not be the easiest of solutions, it would still be
                  better to
                  > set up a separate web/ftp server and host the files through
                  there. That
                  > way, you have 2 layers of security - 1 from the NSLU2 and 1 from
                  your
                  > separate server. Just my $.02.
                  >
                  > Matt B.
                  >
                  > -----Original Message-----
                  > From: nslu2-general@yahoogroups.com [mailto:nslu2-
                  general@yahoogroups.com]
                  > On Behalf Of ladeeda168
                  > Sent: Sunday, May 15, 2005 11:35 PM
                  > To: nslu2-general@yahoogroups.com
                  > Subject: [nslu2-general] Re: Some simple questions
                  >
                  > Thanks for your help.
                  >
                  > I am concerned about #2 (sharing with people outside my
                  network)...What
                  > about all the people who run web servers off their NSLU2? How do
                  they keep
                  > from "being hacked?"
                  >
                  > All I wanna do is share photos and maybe a few other files with
                  family and
                  > friends...and I don't want to do it so they have to do it through
                  an FTP
                  > client.
                  >
                  > --- In nslu2-general@yahoogroups.com, "jncharli - tele2"
                  > <jncharli@t...> wrote:
                  > > Hello,
                  > >
                  > >
                  > >
                  > > 1) You should have assigned an Netbios Name to your NSLU2.
                  > >
                  > > All the shares you created will appear in « My Network place »
                  > with the name
                  > > of the NSLU2, and the name of the share.
                  > >
                  > > Note that if even if you haven't created any share, there should
                  > be 2 lines
                  > > by default :
                  > >
                  > > - admin1 on <NSLU2_Name_you_assigned>
                  > \\<NSLU2_Name_you_assigned>\admin
                  > > 1
                  > >
                  > > - disk 1 on <NSLU2_Name_you_assigned>
                  > > \\<NSLU2_Name_you_assigned>\disk 1
                  > >
                  > >
                  > >
                  > >
                  > >
                  > > 2) Be careful that allowing the outside world to connect
                  to
                  > your NSLU2
                  > > means that everybody connected to Internet is able to try and
                  hack
                  > your
                  > > files. This is a significant security concern that should be
                  > raised.
                  > >
                  > >
                  > >
                  > > To be able to share a ressource from outside your network (you
                  LAN
                  > = Local
                  > > Area Network), you must enable the `sharing protocol' (aka
                  > Netbios) to cross
                  > > your equipments (mainly your router).
                  > >
                  > >
                  > >
                  > > There are 3 steps to perform
                  > >
                  > >
                  > >
                  > > Step 0 : Check if your ISP doesn't block the Netbios ports
                  > >
                  > >
                  > >
                  > > Sometimes (more and more often), the ISP blocks the Netbios ports
                  > for
                  > > security reasons.
                  > >
                  > > You should check in the FAQ if your ISP blocks the Netbios
                  ports.
                  > If it the
                  > > case (like for mine), there is no real solution, other than
                  > changing your
                  > > ISP.
                  > >
                  > >
                  > >
                  > > Step 1 : Allow the Netbios trafic to cross your router/firewall
                  > >
                  > >
                  > >
                  > > Currently, most of the router embedd a firewall. You then must
                  > tell your
                  > > firewall embedded in the router you want to enable Netbios in
                  both
                  > direction
                  > > :
                  > >
                  > > TCP 137
                  > >
                  > > UDP 138
                  > >
                  > > TCP 139
                  > >
                  > > (sorry, there are maybe others, but here are the ports found in
                  > books).
                  > >
                  > >
                  > >
                  > > Step 2 : Tell your router what equipment (IP adress) will be the
                  > target of
                  > > incoming Netbios trafic
                  > >
                  > >
                  > >
                  > > You must configure your router to set the NSLU2 to be the
                  > destination of all
                  > > incoming Netbios requests.
                  > >
                  > > There is a common mode called `DMZ mode' that can be used. In
                  this
                  > mode, all
                  > > incoming requests (Netbios or not) are sent to a single IP
                  adress.
                  > This mode
                  > > should be used for tests purposes.
                  > >
                  > >
                  > >
                  > >
                  > >
                  > > Hope it can help
                  > >
                  > >
                  > >
                  > >
                  > >
                  > > Greetings
                  > >
                  > >
                  > >
                  > >
                  > >
                  > > _____
                  > >
                  > > De : nslu2-general@yahoogroups.com [mailto:nslu2-
                  > general@yahoogroups.com] De
                  > > la part de ladeeda168
                  > > Envoyé : samedi 14 mai 2005 08:39
                  > > À : nslu2-general@yahoogroups.com
                  > > Objet : [nslu2-general] Some simple questions
                  > >
                  > >
                  > >
                  > > I've been scouring the Wiki and this group for an answer, but
                  > don't
                  > > seem to be able to find what I need. I think these are very,
                  very
                  > > basic questions:
                  > >
                  > > 1) How is the drive that is attached to the NSLU2 viewed from in-

                  > > network computers? Is it in "My Network Places?" I've tried
                  > looking
                  > > at the manual, but this simple question doesn't seem to be
                  > answered?
                  > >
                  > > 2) How do people OUT of my network view files? Is there a way to
                  > do
                  > > this without starting up an ftp client? Like a webpage based
                  > > interface? Or something else? I would like to eliminate the
                  FTP
                  > > component and just have someone type in my domain (which would
                  > then be
                  > > run off DynDNS)...
                  > >
                  > > Thanks!
                  > >
                  > >
                  > >
                  > >
                  > >
                  > >
                  > >
                  > > _____
                  > >
                  > > Yahoo! Groups Links
                  > >
                  > > * To visit your group on the web, go to:
                  > > http://groups.yahoo.com/group/nslu2-general/
                  > >
                  > > * To unsubscribe from this group, send an email to:
                  > > nslu2-general-unsubscribe@yahoogroups.com
                  > > <mailto:nslu2-general-unsubscribe@yahoogroups.com?
                  > subject=Unsubscribe>
                  > >
                  > > * Your use of Yahoo! Groups is subject to the Yahoo!
                  > > <http://docs.yahoo.com/info/terms/> Terms of Service.
                  > >
                  > >
                  > >
                  > > [Non-text portions of this message have been removed]
                  >
                  >
                  >
                  >
                  >
                  > Yahoo! Groups Links





                  Yahoo! Groups Links
                • ladeeda168
                  Yes, I completely understand the vulnerability if I leave it in its stock condition. And I guess I wasn t clear...I wanted to know if anyone has modified
                  Message 8 of 11 , May 16, 2005
                  • 0 Attachment
                    Yes, I completely understand the vulnerability if I leave it in its
                    stock condition. And I guess I wasn't clear...I wanted to know if
                    anyone has modified their NSLU2 to become a more secure file
                    server/gallery so that I don't have to expose the admin interface.
                    I see some people have run web pages off the NSLU2, which is great,
                    but web pages don't autoupdate with shared files (I'd have update an
                    HTML list everytime)...

                    Maybe I'm asking for something that doesn't exist?

                    --- In nslu2-general@yahoogroups.com, "Computer Guy"
                    <computerguy@t...> wrote:
                    > Not necessarily; as a stock unit, the NSLU2 does not have ftp
                    capability
                    > (that I know of). The only way to access the actual shares is
                    either
                    > through the web interface (same interface used for administration)
                    or
                    > through NetBios. I personally wouldn't want people from outside
                    my internal
                    > network to have access to the standard NSLU2 web interface. There
                    are too
                    > many questions of security there. It is all a matter of
                    acceptable risk;
                    > for me, it is not acceptable as I have files on my NSLU2 that I
                    don't want
                    > accessible to anybody but me. If I didn't, I probably wouldn't
                    worry as
                    > much about it. However, if you offer the standard web interface
                    to be the
                    > main external access point, folks are one step closer to hacking
                    into the
                    > NSLU2 and destroying/manipulating your data.
                    >
                    > -----Original Message-----
                    > From: nslu2-general@yahoogroups.com [mailto:nslu2-
                    general@yahoogroups.com]
                    > On Behalf Of ladeeda168
                    > Sent: Monday, May 16, 2005 8:08 AM
                    > To: nslu2-general@yahoogroups.com
                    > Subject: [nslu2-general] Re: Some simple questions
                    >
                    > I understand what you're saying about security, but if I have a
                    separate
                    > server, wouldn't that defeat the purpose of the NSLU2?
                    > Couldn't I just set up shared files on the same web/ftp server?
                    Or am I
                    > misreading what you recommended?
                    >
                    > Thanks!
                    >
                    >
                    >
                    > --- In nslu2-general@yahoogroups.com, "Computer Guy"
                    > <computerguy@t...> wrote:
                    > > The NSLU2 has a web server enabled by default; this is the way
                    you
                    > access
                    > > the admin interface. If you used DynDNS, you could point port 80
                    > to your
                    > > NSLU2 and people would be able to access the device through the
                    > same web
                    > > interface.
                    > >
                    > > As for security; that should be your primary concern... If you
                    > allow
                    > > everybody to have access through the web interface, as was stated
                    > earlier,
                    > > you are opening up a hole that hackers will attempt to gain
                    access
                    > through.
                    > > While it may not be the easiest of solutions, it would still be
                    > better to
                    > > set up a separate web/ftp server and host the files through
                    > there. That
                    > > way, you have 2 layers of security - 1 from the NSLU2 and 1 from
                    > your
                    > > separate server. Just my $.02.
                    > >
                    > > Matt B.
                    > >
                    > > -----Original Message-----
                    > > From: nslu2-general@yahoogroups.com [mailto:nslu2-
                    > general@yahoogroups.com]
                    > > On Behalf Of ladeeda168
                    > > Sent: Sunday, May 15, 2005 11:35 PM
                    > > To: nslu2-general@yahoogroups.com
                    > > Subject: [nslu2-general] Re: Some simple questions
                    > >
                    > > Thanks for your help.
                    > >
                    > > I am concerned about #2 (sharing with people outside my
                    > network)...What
                    > > about all the people who run web servers off their NSLU2? How do
                    > they keep
                    > > from "being hacked?"
                    > >
                    > > All I wanna do is share photos and maybe a few other files with
                    > family and
                    > > friends...and I don't want to do it so they have to do it through
                    > an FTP
                    > > client.
                    > >
                    > > --- In nslu2-general@yahoogroups.com, "jncharli - tele2"
                    > > <jncharli@t...> wrote:
                    > > > Hello,
                    > > >
                    > > >
                    > > >
                    > > > 1) You should have assigned an Netbios Name to your
                    NSLU2.
                    > > >
                    > > > All the shares you created will appear in « My Network place »
                    > > with the name
                    > > > of the NSLU2, and the name of the share.
                    > > >
                    > > > Note that if even if you haven't created any share, there
                    should
                    > > be 2 lines
                    > > > by default :
                    > > >
                    > > > - admin1 on <NSLU2_Name_you_assigned>
                    > > \\<NSLU2_Name_you_assigned>\admin
                    > > > 1
                    > > >
                    > > > - disk 1 on <NSLU2_Name_you_assigned>
                    > > > \\<NSLU2_Name_you_assigned>\disk 1
                    > > >
                    > > >
                    > > >
                    > > >
                    > > >
                    > > > 2) Be careful that allowing the outside world to connect
                    > to
                    > > your NSLU2
                    > > > means that everybody connected to Internet is able to try and
                    > hack
                    > > your
                    > > > files. This is a significant security concern that should be
                    > > raised.
                    > > >
                    > > >
                    > > >
                    > > > To be able to share a ressource from outside your network (you
                    > LAN
                    > > = Local
                    > > > Area Network), you must enable the `sharing protocol' (aka
                    > > Netbios) to cross
                    > > > your equipments (mainly your router).
                    > > >
                    > > >
                    > > >
                    > > > There are 3 steps to perform
                    > > >
                    > > >
                    > > >
                    > > > Step 0 : Check if your ISP doesn't block the Netbios ports
                    > > >
                    > > >
                    > > >
                    > > > Sometimes (more and more often), the ISP blocks the Netbios
                    ports
                    > > for
                    > > > security reasons.
                    > > >
                    > > > You should check in the FAQ if your ISP blocks the Netbios
                    > ports.
                    > > If it the
                    > > > case (like for mine), there is no real solution, other than
                    > > changing your
                    > > > ISP.
                    > > >
                    > > >
                    > > >
                    > > > Step 1 : Allow the Netbios trafic to cross your router/firewall
                    > > >
                    > > >
                    > > >
                    > > > Currently, most of the router embedd a firewall. You then must
                    > > tell your
                    > > > firewall embedded in the router you want to enable Netbios in
                    > both
                    > > direction
                    > > > :
                    > > >
                    > > > TCP 137
                    > > >
                    > > > UDP 138
                    > > >
                    > > > TCP 139
                    > > >
                    > > > (sorry, there are maybe others, but here are the ports found in
                    > > books).
                    > > >
                    > > >
                    > > >
                    > > > Step 2 : Tell your router what equipment (IP adress) will be
                    the
                    > > target of
                    > > > incoming Netbios trafic
                    > > >
                    > > >
                    > > >
                    > > > You must configure your router to set the NSLU2 to be the
                    > > destination of all
                    > > > incoming Netbios requests.
                    > > >
                    > > > There is a common mode called `DMZ mode' that can be used. In
                    > this
                    > > mode, all
                    > > > incoming requests (Netbios or not) are sent to a single IP
                    > adress.
                    > > This mode
                    > > > should be used for tests purposes.
                    > > >
                    > > >
                    > > >
                    > > >
                    > > >
                    > > > Hope it can help
                    > > >
                    > > >
                    > > >
                    > > >
                    > > >
                    > > > Greetings
                    > > >
                    > > >
                    > > >
                    > > >
                    > > >
                    > > > _____
                    > > >
                    > > > De : nslu2-general@yahoogroups.com [mailto:nslu2-
                    > > general@yahoogroups.com] De
                    > > > la part de ladeeda168
                    > > > Envoyé : samedi 14 mai 2005 08:39
                    > > > À : nslu2-general@yahoogroups.com
                    > > > Objet : [nslu2-general] Some simple questions
                    > > >
                    > > >
                    > > >
                    > > > I've been scouring the Wiki and this group for an answer, but
                    > > don't
                    > > > seem to be able to find what I need. I think these are very,
                    > very
                    > > > basic questions:
                    > > >
                    > > > 1) How is the drive that is attached to the NSLU2 viewed from
                    in-
                    >
                    > > > network computers? Is it in "My Network Places?" I've tried
                    > > looking
                    > > > at the manual, but this simple question doesn't seem to be
                    > > answered?
                    > > >
                    > > > 2) How do people OUT of my network view files? Is there a way
                    to
                    > > do
                    > > > this without starting up an ftp client? Like a webpage based
                    > > > interface? Or something else? I would like to eliminate the
                    > FTP
                    > > > component and just have someone type in my domain (which would
                    > > then be
                    > > > run off DynDNS)...
                    > > >
                    > > > Thanks!
                    > > >
                    > > >
                    > > >
                    > > >
                    > > >
                    > > >
                    > > >
                    > > > _____
                    > > >
                    > > > Yahoo! Groups Links
                    > > >
                    > > > * To visit your group on the web, go to:
                    > > > http://groups.yahoo.com/group/nslu2-general/
                    > > >
                    > > > * To unsubscribe from this group, send an email to:
                    > > > nslu2-general-unsubscribe@yahoogroups.com
                    > > > <mailto:nslu2-general-unsubscribe@yahoogroups.com?
                    > > subject=Unsubscribe>
                    > > >
                    > > > * Your use of Yahoo! Groups is subject to the Yahoo!
                    > > > <http://docs.yahoo.com/info/terms/> Terms of Service.
                    > > >
                    > > >
                    > > >
                    > > > [Non-text portions of this message have been removed]
                    > >
                    > >
                    > >
                    > >
                    > >
                    > > Yahoo! Groups Links
                    >
                    >
                    >
                    >
                    >
                    > Yahoo! Groups Links
                  • Donald Wong
                    Most web browsers support the FTP protocol, so you don t need to install an FTP client. Just type in ftp://ftp.somewhere.com in the address bar and you re
                    Message 9 of 11 , May 16, 2005
                    • 0 Attachment
                      Most web browsers support the FTP protocol, so you
                      don't need to install an FTP client. Just type in
                      ftp://ftp.somewhere.com in the address bar and you're
                      good to go, assuming you've enabled anonymous access.

                      Don

                      --- ladeeda168 <magic168@...> wrote:

                      > Yes, I completely understand the vulnerability if I
                      > leave it in its
                      > stock condition. And I guess I wasn't clear...I
                      > wanted to know if
                      > anyone has modified their NSLU2 to become a more
                      > secure file
                      > server/gallery so that I don't have to expose the
                      > admin interface.
                      > I see some people have run web pages off the NSLU2,
                      > which is great,
                      > but web pages don't autoupdate with shared files
                      > (I'd have update an
                      > HTML list everytime)...
                      >
                      > Maybe I'm asking for something that doesn't exist?
                      >
                      > --- In nslu2-general@yahoogroups.com, "Computer Guy"
                      >
                      > <computerguy@t...> wrote:
                      > > Not necessarily; as a stock unit, the NSLU2 does
                      > not have ftp
                      > capability
                      > > (that I know of). The only way to access the
                      > actual shares is
                      > either
                      > > through the web interface (same interface used for
                      > administration)
                      > or
                      > > through NetBios. I personally wouldn't want
                      > people from outside
                      > my internal
                      > > network to have access to the standard NSLU2 web
                      > interface. There
                      > are too
                      > > many questions of security there. It is all a
                      > matter of
                      > acceptable risk;
                      > > for me, it is not acceptable as I have files on my
                      > NSLU2 that I
                      > don't want
                      > > accessible to anybody but me. If I didn't, I
                      > probably wouldn't
                      > worry as
                      > > much about it. However, if you offer the standard
                      > web interface
                      > to be the
                      > > main external access point, folks are one step
                      > closer to hacking
                      > into the
                      > > NSLU2 and destroying/manipulating your data.
                      > >
                      > > -----Original Message-----
                      > > From: nslu2-general@yahoogroups.com [mailto:nslu2-
                      > general@yahoogroups.com]
                      > > On Behalf Of ladeeda168
                      > > Sent: Monday, May 16, 2005 8:08 AM
                      > > To: nslu2-general@yahoogroups.com
                      > > Subject: [nslu2-general] Re: Some simple questions
                      > >
                      > > I understand what you're saying about security,
                      > but if I have a
                      > separate
                      > > server, wouldn't that defeat the purpose of the
                      > NSLU2?
                      > > Couldn't I just set up shared files on the same
                      > web/ftp server?
                      > Or am I
                      > > misreading what you recommended?
                      > >
                      > > Thanks!
                      > >
                      > >
                      > >
                      > > --- In nslu2-general@yahoogroups.com, "Computer
                      > Guy"
                      > > <computerguy@t...> wrote:
                      > > > The NSLU2 has a web server enabled by default;
                      > this is the way
                      > you
                      > > access
                      > > > the admin interface. If you used DynDNS, you
                      > could point port 80
                      > > to your
                      > > > NSLU2 and people would be able to access the
                      > device through the
                      > > same web
                      > > > interface.
                      > > >
                      > > > As for security; that should be your primary
                      > concern... If you
                      > > allow
                      > > > everybody to have access through the web
                      > interface, as was stated
                      > > earlier,
                      > > > you are opening up a hole that hackers will
                      > attempt to gain
                      > access
                      > > through.
                      > > > While it may not be the easiest of solutions, it
                      > would still be
                      > > better to
                      > > > set up a separate web/ftp server and host the
                      > files through
                      > > there. That
                      > > > way, you have 2 layers of security - 1 from the
                      > NSLU2 and 1 from
                      > > your
                      > > > separate server. Just my $.02.
                      > > >
                      > > > Matt B.
                      > > >
                      > > > -----Original Message-----
                      > > > From: nslu2-general@yahoogroups.com
                      > [mailto:nslu2-
                      > > general@yahoogroups.com]
                      > > > On Behalf Of ladeeda168
                      > > > Sent: Sunday, May 15, 2005 11:35 PM
                      > > > To: nslu2-general@yahoogroups.com
                      > > > Subject: [nslu2-general] Re: Some simple
                      > questions
                      > > >
                      > > > Thanks for your help.
                      > > >
                      > > > I am concerned about #2 (sharing with people
                      > outside my
                      > > network)...What
                      > > > about all the people who run web servers off
                      > their NSLU2? How do
                      > > they keep
                      > > > from "being hacked?"
                      > > >
                      > > > All I wanna do is share photos and maybe a few
                      > other files with
                      > > family and
                      > > > friends...and I don't want to do it so they have
                      > to do it through
                      > > an FTP
                      > > > client.
                      > > >
                      > > > --- In nslu2-general@yahoogroups.com, "jncharli
                      > - tele2"
                      > > > <jncharli@t...> wrote:
                      > > > > Hello,
                      > > > >
                      > > > >
                      > > > >
                      > > > > 1) You should have assigned an Netbios
                      > Name to your
                      > NSLU2.
                      > > > >
                      > > > > All the shares you created will appear in � My
                      > Network place �
                      > > > with the name
                      > > > > of the NSLU2, and the name of the share.
                      > > > >
                      > > > > Note that if even if you haven't created any
                      > share, there
                      > should
                      > > > be 2 lines
                      > > > > by default :
                      > > > >
                      > > > > - admin1 on <NSLU2_Name_you_assigned>
                      > > > \\<NSLU2_Name_you_assigned>\admin
                      > > > > 1
                      > > > >
                      > > > > - disk 1 on <NSLU2_Name_you_assigned>
                      > > > > \\<NSLU2_Name_you_assigned>\disk 1
                      > > > >
                      > > > >
                      > > > >
                      > > > >
                      > > > >
                      > > > > 2) Be careful that allowing the outside
                      > world to connect
                      > > to
                      > > > your NSLU2
                      > > > > means that everybody connected to Internet is
                      > able to try and
                      > > hack
                      > > > your
                      > > > > files. This is a significant security concern
                      > that should be
                      > > > raised.
                      > > > >
                      > > > >
                      > > > >
                      > > > > To be able to share a ressource from outside
                      > your network (you
                      > > LAN
                      > > > = Local
                      > > > > Area Network), you must enable the `sharing
                      > protocol' (aka
                      > > > Netbios) to cross
                      > > > > your equipments (mainly your router).
                      > > > >
                      > > > >
                      > > > >
                      > > > > There are 3 steps to perform
                      > > > >
                      > > > >
                      > > > >
                      >
                      === message truncated ===
                    • Inge Bjørnvall Arnesen
                      ... Yes - there should be instructions on the Wiki on how to have several servers. I have dropped the Linksys interface alltogether, but you may also open up
                      Message 10 of 11 , May 16, 2005
                      • 0 Attachment
                        > I wanted
                        > to know if
                        > anyone has modified their NSLU2 to become a more secure
                        > file
                        > server/gallery so that I don't have to expose the admin
                        > interface.

                        Yes - there should be instructions on the Wiki on how to have several
                        servers. I have dropped the Linksys interface alltogether, but you may also
                        open up for only selected TCP ports in your router so they can only reach
                        your proper webserver (with Gallery) and not the NSLU2 interface (some
                        routers can map incoming port 80 to an arbitrary port on the host on the
                        inside). Similar port _blocking_ can also be (and should be) done for the
                        Netbios/SMB ports.

                        With Unslung 4 you may also use IP-tables in the NSLU2 to make it even more
                        secure with regards to what packets are accepted from/sent to various
                        IP-addresses to/from various ports. When running ftpd from xinetd, you can
                        also limit access in the xinetd config files (global or local to a single
                        service).

                        There are many possibilities.

                        best,

                        -- Inge

                        BTW: I can confirm that traffic shaping also works on Unslung 4.
                      • Matt McNeill
                        ... You could also look at using SSH for remote access. There is a HOWTO on the wiki which can help with that.
                        Message 11 of 11 , May 17, 2005
                        • 0 Attachment
                          > > I wanted
                          > > to know if
                          > > anyone has modified their NSLU2 to become a more secure
                          > > file
                          > > server/gallery so that I don't have to expose the admin
                          > > interface.

                          You could also look at using SSH for remote access. There is a HOWTO
                          on the wiki which can help with that.

                          http://www.nslu2-linux.org/wiki/HowTo/UseOpenSSHForRemoteAccess

                          On the other subject of web-sites, I am running multiple sites on my slug:

                          - thttpd Linksys admin pages on port 8080 (not available outside the
                          local subnet)
                          - Twonkyvision configuration daemon on 8090 (not available outside the
                          local subnet)
                          - appWeb user websites on port 80 and 443 for https (with the router
                          forwarding these ports to allow access from the internet to my slug).
                          appWeb also allows me to run virtual sites which depend on what domain
                          name is used to access it and also has folder level security etc.
                          Using this folder-level security over https might be an option to
                          expose your files if you don't want to use SSH.

                          I guess that you could use apache in place of appWeb but it is more of
                          a resource hog and I haven't played around with it at all.

                          Good luck

                          Matt
                        Your message has been successfully submitted and would be delivered to recipients shortly.