[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: nfs exports

To: silug-discuss@silug.org
Subject: Re: nfs exports
From: Casey Boone <caseyboone@gmail.com>
Date: Mon, 22 Nov 2004 10:52:21 -0600
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=lvKWEQCkBWNwOaaiqiXuEUOJp/ILc5O2SVy++730vuGbuh2WUnrww5liGRW/69icRmZhxyQnz0A7zUZO0EX1n8WeWggmpSCeze7l3uWRW0JVZ5dJ0s/K9cV3JvEJNojjqEiXJmFrlOUCfS8tsam5x8F6HmM8q9QhPRFELvYQQ9o=
In-Reply-To: <CDE4772B-3CA5-11D9-8B6F-000A95880F88@alum.calberkeley.org>
Organization: Southern Illinois Linux Users Group
References: <c563274104112123032225f2ee@mail.gmail.com> <CDE4772B-3CA5-11D9-8B6F-000A95880F88@alum.calberkeley.org>
Reply-To: Casey Boone <caseyboone@gmail.com>
Sender: silug-discuss-owner@silug.org

internet<->linux firewall<->local lan<->linux fileserver


the firewall and fileserver are the ones i am doing nfs exports on

i plan on blocking all traffic from the internet side except inbound
ssh (actually that is how it is now for both public and private eth
interfaces, havent made eth1 trusted yet)


On Mon, 22 Nov 2004 10:44:40 -0600, Robert Citek
<rwcitek@alum.calberkeley.org> wrote:
> 
> On Monday, Nov 22, 2004, at 01:03 US/Central, Casey Boone wrote:
> > teaching myself how to use nfs exports (previously i just used samba)
> > what are the security implications of using nfs? is there anything i
> > should do (asside from iptables) in order to secure these shares?
> 
> What does your network layout look like?   For example, does it look
> like this:
> 
> {Net}--{modem/cable modem/ADSL modem/}--{NAT/FW/router}--{switch} ...
> machines
> 
> or like this:
> 
> {Net}--{switch} ... machines
> 
> or like this:
> 
> {Net}--{machine}--{switch} ... machines
> 
> or something else?  If you have the first setup above with two machines
> on the LAN side and only you are using the machines on the LAN side, I
> would use NFS and only worry about the security on the firewall.  On
> the other hand, if you have the second setup, I'd worry a lot and
> redesign the layout to look more like the first setup.
> 
> But that's just my opinion.
> 
> Regards,
> - Robert
> http://www.cwelug.org/downloads
> Help others get OpenSource.  Distribute FLOSS for
> Windows, Linux, *BSD, and MacOS X with BitTorrent
> 
> -
> To unsubscribe, send email to majordomo@silug.org with
> "unsubscribe silug-discuss" in the body.
>

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.

Follow-Ups:
- Re: nfs exports
  - From: "Bryan J. Smith" <b.j.smith@ieee.org>

References:
- nfs exports
  - From: Casey Boone <caseyboone@gmail.com>
- Re: nfs exports
  - From: Robert Citek <rwcitek@alum.calberkeley.org>

Prev by Date: Re: nfs exports
Next by Date: mental note: i hate yum (was Apt v. Yum)
Prev by thread: Re: nfs exports
Next by thread: Re: nfs exports
Index(es):
- Date
- Thread