Date: Mon, 18 Jun 2001 09:48:58 -0500 From: Eric Anderson <anderson@centtech.com> To: Randy Smith <randys@amigo.net> Cc: freebsd-isp@freebsd.org, freebsd-security@freebsd.org Subject: Re: Require IPsec for NFS Message-ID: <3B2E14DA.C2819177@centtech.com> References: <3B2E10A1.5000302@amigo.net>
next in thread | previous in thread | raw e-mail | index | archive | help
When adding your spd's, you can restrict to port numbers and ip addresses. Check out 'man setkey, and look for 'dst_range'. That should get you started. Eric Randy Smith wrote: > > Hi all, > > I have a server that I want to mirror. I'm using NFS to connect the > primary server to the mirror. The mirror is the NFS server and the > primary server is the only IP address allowd to connect to portmap in > /etc/hosts.allow. In order to prevent IP spoof attacts against NFS, I > have IPsec setup between the hosts to authenticate the packets. That > seems to prevent IP spoofing. > > I want to know if it is possible to require all NFS connections to use > IPsec or will this setup a reasonable way to protect NFS? > > -- > Randy Smith > Amigo.Net Systems Administrator > 1-719-589-6100 x 4185 > http://www.amigo.net/ > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- ------------------------------------------------------------------------------- Eric Anderson anderson@centtech.com Centaur Technology (512) 418-5792 For every complex problem, there is a solution that is simple, neat, and wrong. ------------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B2E14DA.C2819177>