Date: Wed, 20 Oct 1999 17:18:45 -0700 (PDT) From: Doug Barton <Doug@gorean.org> To: "Ronald F. Guilmette" <rfg@monkeys.com> Cc: Phil Homewood <philh@mincom.com>, Tony Finch <fanf@demon.net>, freebsd-questions@FreeBSD.ORG Subject: Re: Stupid file system tricks. Message-ID: <Pine.BSF.4.10.9910201716160.40358-100000@dt050n71.san.rr.com> In-Reply-To: <16908.940401221@monkeys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 19 Oct 1999, Ronald F. Guilmette wrote:
> Thanks. That _would_ work, if I was willing to trust NFS. But my
> (admittedly limited) understanding of it suggests that it is too
> much of a security risk to run NFS on anything that is connected to
> the public Internet.
In a situation like yours you wouldn't have a security risk
because you would only be connecting back to the local machine. With a
little creativity you could set up the exports file so that only 127.0.0.1
could access the shares, and then with a combination of tcp wrappers
and/or ipfw you can restrict access to the RPC services quite effectively.
We use a combination of inside/outside interfaces and carefully
constructed access rules to do just such a system at work, and I do the
same thing at home.
Good luck,
Doug
--
"Stop it, I'm gettin' misty."
- Mel Gibson as Porter, "Payback"
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9910201716160.40358-100000>