Date: Wed, 20 Oct 1999 17:18:45 -0700 (PDT) From: Doug Barton <Doug@gorean.org> To: "Ronald F. Guilmette" <rfg@monkeys.com> Cc: Phil Homewood <philh@mincom.com>, Tony Finch <fanf@demon.net>, freebsd-questions@FreeBSD.ORG Subject: Re: Stupid file system tricks. Message-ID: <Pine.BSF.4.10.9910201716160.40358-100000@dt050n71.san.rr.com> In-Reply-To: <16908.940401221@monkeys.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 19 Oct 1999, Ronald F. Guilmette wrote: > Thanks. That _would_ work, if I was willing to trust NFS. But my > (admittedly limited) understanding of it suggests that it is too > much of a security risk to run NFS on anything that is connected to > the public Internet. In a situation like yours you wouldn't have a security risk because you would only be connecting back to the local machine. With a little creativity you could set up the exports file so that only 127.0.0.1 could access the shares, and then with a combination of tcp wrappers and/or ipfw you can restrict access to the RPC services quite effectively. We use a combination of inside/outside interfaces and carefully constructed access rules to do just such a system at work, and I do the same thing at home. Good luck, Doug -- "Stop it, I'm gettin' misty." - Mel Gibson as Porter, "Payback" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9910201716160.40358-100000>