Date:      Mon, 18 Jun 2001 09:48:58 -0500
From:      Eric Anderson <anderson@centtech.com>
To:        Randy Smith <randys@amigo.net>
Cc:        freebsd-isp@freebsd.org, freebsd-security@freebsd.org
Subject:   Re: Require IPsec for NFS
Message-ID:  <3B2E14DA.C2819177@centtech.com>
References:  <3B2E10A1.5000302@amigo.net>

When adding your SPDs, you can restrict to port numbers and IP
addresses.
Check out 'man setkey', and look for 'dst_range'.  That should get you
started.

Eric


Randy Smith wrote:
> 
> Hi all,
> 
> I have a server that I want to mirror. I'm using NFS to connect the
> primary server to the mirror. The mirror is the NFS server and the
> primary server is the only IP address allowed to connect to portmap in
> /etc/hosts.allow. In order to prevent IP spoof attacks against NFS, I
> have IPsec setup between the hosts to authenticate the packets. That
> seems to prevent IP spoofing.
> 
> I want to know if it is possible to require all NFS connections to use
> IPsec or will this setup be a reasonable way to protect NFS?
> 
> --
> Randy Smith
> Amigo.Net Systems Administrator
> 1-719-589-6100 x 4185
> http://www.amigo.net/
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
-------------------------------------------------------------------------------
Eric Anderson	 anderson@centtech.com    Centaur Technology    (512) 418-5792
For every complex problem, there is a solution that is simple, neat, and
wrong.
-------------------------------------------------------------------------------

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
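
The port- and address-restricted policies the reply points to, written out as an added example that is not part of the original e-mail: a setkey(8) policy file for the NFS server (the mirror). The addresses 192.0.2.10 (primary, NFS client) and 192.0.2.20 (mirror, NFS server) are constructed placeholders, and the choice of AH in transport mode is an assumption based on the question's "authenticate the packets".

```conf
# Load on the NFS server with: setkey -f <this file>
# Assumptions (not from the original thread):
#   192.0.2.10 = primary server (NFS client), 192.0.2.20 = mirror (NFS server)
#   AH transport mode; the matching SAs must already exist, either
#   installed manually with "add" statements or negotiated by an IKE daemon.

spdflush;

# NFS (port 2049), UDP and TCP. Level "require" means a packet matching
# the selector is dropped unless it arrives protected by a valid SA.
spdadd 192.0.2.10[any] 192.0.2.20[2049] udp -P in  ipsec ah/transport//require;
spdadd 192.0.2.20[2049] 192.0.2.10[any] udp -P out ipsec ah/transport//require;
spdadd 192.0.2.10[any] 192.0.2.20[2049] tcp -P in  ipsec ah/transport//require;
spdadd 192.0.2.20[2049] 192.0.2.10[any] tcp -P out ipsec ah/transport//require;

# portmap (port 111), which the question already limits via /etc/hosts.allow.
spdadd 192.0.2.10[any] 192.0.2.20[111] udp -P in  ipsec ah/transport//require;
spdadd 192.0.2.20[111] 192.0.2.10[any] udp -P out ipsec ah/transport//require;
spdadd 192.0.2.10[any] 192.0.2.20[111] tcp -P in  ipsec ah/transport//require;
spdadd 192.0.2.20[111] 192.0.2.10[any] tcp -P out ipsec ah/transport//require;

# mountd, lockd and statd get their ports from portmap, so fixed-port
# selectors like the ones above do not cover them. Requiring IPsec for all
# traffic between the two hosts covers them as well:
# spdadd 192.0.2.10 192.0.2.20 any -P in  ipsec ah/transport//require;
# spdadd 192.0.2.20 192.0.2.10 any -P out ipsec ah/transport//require;
```

The client needs the mirror-image policies (directions swapped); `setkey -DP` lists the installed policies so the selectors can be checked after loading.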