Firewall or Windows Authentication for My Passport Wireless

Hi everyone. I have been messing around a bit with my My Passport Wireless 3TB drive. I love this little thing. I love the SSH interface into the Linux OS. Anyway, the only thing that has bothered me is the “nobody:nogroup” default permissions built into the share. I’d like to limit that access to devices that I control.

I’m thinking of two ideas. Please comment on one or both if you have any thoughts or especially experience doing this with this device.

  1. (Easier solution) Configure IPTABLES to default deny traffic and then permit traffic from 10.0.0.0/8 and 192.168.0.0/16. (I use the device in two different locations from time to time.)
  2. Configure some form of SMB/Windows authentication compatibility so that I can configure the security permissions from my Windows laptop and set permissions to allow only my Windows local (SAM) user account.

Has anyone tried to lock down their MyPassport wireless? What has worked? Not worked? Thanks.

JW

Oh, and I know that with solution #1 I will lose the ability to get Internet firmware updates and any cloud services. I’m OK with that. I don’t use cloud services and I can do the updates manually. =)

I am yet to see a successful attempt at changing the unit’s permission settings, but hopefully an experienced User will be able to assist.

It works! I had to mess with it a few times. First I set the default deny rule before creating permit rules. (Duh, rookie mistake.) Then I wrongly set the input interface to eth0. I finally got it working after I did everything right. Here are the rules I set up, if anyone is interested.

iptables -A INPUT -s 192.168.0.0/16 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -s 127.0.0.0/8 -j ACCEPT
iptables -A INPUT -s 224.0.0.0/8 -j ACCEPT

That should cover you for pretty much any of the commonly used home IP address spaces, plus any local loopback and multicast traffic. If you want, you could also include 172.16.0.0/12. (Check your home laptop’s IPCONFIG to find out what private address space you use, and be aware that if you take the drive somewhere else it might be different.)

Finally to set the default deny policy for input packets:
iptables -P INPUT DROP

Now I don’t have to worry about the default wide open SMB access that this thing provides. =)
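
The ordering problem described in the last post (default deny set before the permit rules) and the warning about a different address space at another location can both be checked before anything is applied. The script below is an added example, not part of the original posts: it prints the same rules in a lockout-safe order and refuses to produce a plan when the administering address is outside every allowed range. The function names, the `APPLY` switch and the use of `SSH_CLIENT` are assumptions of this example, and it assumes a shell with 64-bit arithmetic.

```shell
#!/bin/sh
# Added example (not from the thread): lockout-safe plan for the INPUT allowlist.
# Dry run by default; APPLY=1 (hypothetical switch) runs the plan as root.
# Assumes 64-bit shell arithmetic and that the SSH server sets SSH_CLIENT.

ALLOWED="192.168.0.0/16 10.0.0.0/8 127.0.0.0/8 224.0.0.0/8"  # ranges from the post

# ip_to_int A.B.C.D -> prints the address as one integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/BITS -> status 0 when IP lies inside the block
in_cidr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# covered IP -> status 0 when at least one allowed range contains IP
covered() {
    for c in $ALLOWED; do
        in_cidr "$1" "$c" && return 0
    done
    return 1
}

# plan ADMIN_IP -> prints the commands: every permit first, default deny last.
# Prints nothing and returns 1 if ADMIN_IP would be cut off by the policy.
plan() {
    [ -n "$1" ] && covered "$1" || {
        echo "refusing: '$1' is outside every allowed range" >&2
        return 1
    }
    for c in $ALLOWED; do
        echo "iptables -A INPUT -s $c -j ACCEPT"
    done
    echo "iptables -P INPUT DROP"
}

if [ "${APPLY:-0}" = 1 ]; then
    # SSH_CLIENT is "client_ip client_port server_port"; keep the first field
    plan "${SSH_CLIENT%% *}" | sh
fi
```

Rules entered with `iptables` live in kernel memory and are gone after a reboot, so the plan has to be applied again at boot. Because it uses `-A`, applying it twice in one boot appends duplicate permit rules.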