VTI 4.0 - Close open ports


    • VTI 4.0 - Close open ports

      Hello
      After a portscan of my VUSolo + VTI 4.0, I have found open ports...
      Can we close some of them (port 139)?
      Thanks



      Port Scan has started…

      Port Scanning host: 192.168.2.xx

      Open TCP Port: 21 ftp
      Open TCP Port: 22 ssh
      Open TCP Port: 23 telnet
      Open TCP Port: 80 http
      Open TCP Port: 139 netbios-ssn
      Open TCP Port: 443 https
      Open TCP Port: 445 microsoft-ds
    • Well, the ones marked in bold are Samba, so you can shut smbd down if not needed (as further below).

      Basically if you feel to be exposed to any sort of security issues, either disable anything that isn't absolutely required (equals disabling everything but ssh ;)). Or disable anything not required and allow other services to bind only to localhost and then tunnel those to the client by ssh (will definitely not work for ftp, use scp instead, all others should work).

      In case of services invoked by inetd disabling can be achieved by commenting out corresponding lines in /etc/inetd.conf.
      Other services you have to unlink out of /etc/rc?.d


      btw, I just figured out that netstat in busybox doesn't support the -p option, which will probably leave you a bit of research on your own. Anyway, issuing

      Source code

          netstat -a

      in a terminal will provide you with a more extensive overview of what's really going on (which is quite a bit more than a simple portscan from the outside shows).

      If you are completely unfamiliar with all the above blabla, just tell us what you actually want to achieve to get a more in-depth explanation, as I will definitely not start writing a novel about linux and networking basics here.

      This post has already been edited 2 times, most recently by jRFX ()
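To show what the inside view adds over an outside portscan, here is an added example (my code, not the poster's or the VTi image's): a small parser for busybox-style netstat -a output, run over constructed sample lines, that lists listening sockets and separates the ones bound only to 127.0.0.1 (reachable just via an ssh tunnel, as suggested above) from those bound to all interfaces. The sample lines, including port 8001, are constructed, not captured from a real box.

```python
# Constructed busybox-style 'netstat -a' output (not captured from a real box).
NETSTAT_OUTPUT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8001          0.0.0.0:*               LISTEN
tcp        0      0 192.168.2.10:22         192.168.2.5:51234       ESTABLISHED
udp        0      0 0.0.0.0:137             0.0.0.0:*
"""

def listeners(text):
    """Return (proto, bind_address, port) for every socket waiting for traffic."""
    found = []
    for line in text.splitlines():
        f = line.split()
        # skip headers, unix sockets and anything without a local address column
        if len(f) < 4 or not f[0].startswith(("tcp", "udp")):
            continue
        addr, _, port = f[3].rpartition(":")
        # TCP listeners carry the LISTEN state; UDP sockets have no state column
        if f[0].startswith("tcp") and (len(f) < 6 or f[5] != "LISTEN"):
            continue
        found.append((f[0], addr, int(port)))
    return found

def exposed(text):
    """Listeners reachable from the network: anything not bound to loopback only."""
    return [entry for entry in listeners(text) if not entry[1].startswith("127.")]

if __name__ == "__main__":
    for proto, addr, port in exposed(NETSTAT_OUTPUT):
        print(f"{proto} {addr}:{port} is reachable from the network")
```

Feed it the real output of netstat -a on the box to see which listeners an outside scan could not have told you about.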

    • Thank you for the answers,
      In fact it was ports 139 and 445 which worry me....
      Is there any risk if they are open?

      I ask this because, since last week, I have given access to my wifi network to a neighbor who is working on a PC (I'm on Macintosh) and I know on a PC port 139 can cause problems (hack)...

      I have also noticed with recent images, the Vu solo (harddisk + Configuration) is auto mounted on my mac (look at the screenshot) when they are connected to the same network...
      I would like to disable this automount function, or secure it with login/password...
      Actually, everyone can access the hdd/configuration volume of my vusolo if they are connected to my network...
      Images
      • screenshot_mac.jpg (84.99 kB, 771×438, viewed 282 times)

      This post has already been edited 2 times, most recently by fced ()

    • I have disabled Autofs in -> Plugin -> VTI Panel -> Services...
      and now the vusolo isn't auto mounted on the connected computers...

      Can someone confirm I haven't made a mistake by disabling autofs?

      thanks

      ced
    • smb sharing (intention to share folders residing on the VU+) should have nothing to do with autofs (intention to mount folders shared elsewhere on the network on the VU+ on demand).

      To simply stop anything from being allowed to connect to the Box via smb, edit /etc/samba/smb.conf as follows:

      comment out (precede by #) the line "guest account = root"
      change the line "security = share" to "security = user"
      change all occurrences of "public =" and "guest ok =" from "yes" to "no"

      As there is no smb user defined on the Box by default, this should result in no access possible whatsoever for now, but leaves you the opportunity to (more or less) easily make the Box accessible (this time in a safer way) at a later stage if desired.

      Just as a side note:
      The default configuration of the image has smb.conf in a condition, where anyone residing in the same network as the Box has full access to the smb shares. Which as of now is your neighbour at least. In case of any security holes in your WIFI Setup (see here) your box is open to the general public. Therefore I highly recommend blocking smb access possibilities immediately after flashing a new image, unless you have a hardwired only environment and are able to provide a satisfactory level of security to your network as a whole by other means.

      It may sound fundamentalist, but personally I recommend avoiding Wifi in general, wherever possible, and undergoing every reasonable effort to do so.
      In your case (sharing your line to your neighbour), one should consider using hardware which is capable of proper network segregation (most commonly: VLANs).
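The three smb.conf edits from the post above, as an added, runnable example (my code, not jRFX's and not part of the VTi image): it audits a constructed sample of the permissive default config for the risky settings the post names and rewrites them the way the post describes. The sample share name and path are assumptions, not copied from a real box.

```python
# Constructed sample of the permissive default smb.conf the thread describes.
DEFAULT_SMB_CONF = """\
[global]
  security = share
  guest account = root

[Harddisk]
  path = /media/hdd
  public = yes
  guest ok = yes
"""

# The settings the post tells you to change, each with the value that is risky.
RISKY = {"guest account": "root", "security": "share", "public": "yes", "guest ok": "yes"}

def _parse(line):
    # 'key = value' -> lowercase (key, value); ('', '') for comments, headers, blanks
    s = line.strip()
    if not s or s[0] in "#;[" or "=" not in s:
        return "", ""
    key, _, val = s.partition("=")
    return key.strip().lower(), val.strip().lower()

def audit(conf):
    """List (section, key, value) for every risky setting still active."""
    findings, section = [], "global"
    for line in conf.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            section = s[1:-1]
        key, val = _parse(line)
        if RISKY.get(key) == val:
            findings.append((section, key, val))
    return findings

def harden(conf):
    """Apply the post's three edits and return the rewritten config text."""
    out = []
    for line in conf.splitlines():
        key, val = _parse(line)
        indent = line[: len(line) - len(line.lstrip())]
        if (key, val) == ("guest account", "root"):
            out.append(indent + "# " + line.strip())  # no guest mapped to root
        elif (key, val) == ("security", "share"):
            out.append(indent + "security = user")    # require a real user account
        elif key in ("public", "guest ok") and val == "yes":
            out.append(indent + key + " = no")         # no anonymous share access
        else:
            out.append(line)
    return "\n".join(out) + "\n"
```

Run audit() on the box's own /etc/samba/smb.conf first; an empty result after harden() means none of the four risky settings is left active, which with no smb user defined is exactly the "no access for now" state the post describes.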
    • Thank you jRFX,
      I have secured Samba for now...
      It's not a problem if I can't access file sharing, I don't use it, ... when I need to get or put something from/to the VUsolo, I use FTP, with authentication by login/password... I prefer it to file sharing with automount...

      My network config is as follows:
      ADSL modem + WRT54GL router with Polarcloud Tomato as firmware (I don't know if it supports VLAN) + Airport Extreme 1st generation born...
      Wifi authentication is done by MAC address filtering...

      I don't know if there is any way to have VLAN on Tomato or on another alternative firmware for the WRT54GL... I will have a look on Google and forums...

      Thank you for the help
    • Quote from fced
      Wifi authentication is done by MAC address filtering...

      That's more than nothing, but only slightly. Which means you prevent kids from the neighbourhood effortlessly surfing on your line with their smartphones.
      Malevolent wardrivers with a skill level anywhere above marginal are not hindered by this.
      It's up to you to decide whether you want to take that (admittedly low) risk, or just set up your Wifi to use WPA2.
      VLAN on top, to separate your neighbour's net from yours, depends on how much you trust your neighbour, but it won't harm anyway.

      Sorry, I have no clue about specific alternative firmwares for Wifi routers, as mentioned above, I rather avoid Wifi at all.
      Nevertheless I assume alternative firmwares extend the capabilities of routers, so your chances are good.
      When you're interested in doing fancy things with your router, also have a look at DD-WRT (if you don't know already)
    • jRFX wrote:


      To simply stop anything from being allowed to connect to the Box via smb, edit /etc/samba/smb.conf as follows:

      comment out (precede by #) the line "guest account = root"
      change the line "security = share" to "security = user"
      change all occurrences of "public =" and "guest ok =" from "yes" to "no"

      As there is no smb user defined on the Box by default, this should result in no access possible whatsoever for now, but leaves you the opportunity to (more or less) easily make the Box accessible (this time in a safer way) at a later stage if desired.

      Hi guys,
      how can I change my samba.conf to allow access via LAN only with the VU user/pass (root/mypassword)?

      Thanks :)