[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date
][Interchange by thread
]
RE: [ic] hardware for Interchange
} The other downside is that nfs just isn't secure. Unless you are
} tunneling nfs through an ssh session, your data is exposed. Unless
} you are running nfs on a private lan, your data is probably exposed.
} Unless you are running both boxes behind the same firewall that blocks
} portmapper and other nfs ports, your data is probably exposed. nfs
} was pretty cool for its time, but in the world as we know it today
} it's just not secure.
}
A private LAN (no firewall necessary) should be fairly easy to setup. Simply
invest in two extra NIC cards for both machines, a switch to connect them
and assign private IP's to those two NIC's. Now route all NFS traffic over
that private network. Adding more machines is a snap, just plug them into
the switch dedicated to the private network.
If you have two boxes, this should cost you less than $150 to implement.
} nfs still works pretty well in special circumstances. namely the nfs
} server is never addressable from outside the firewall (meaning no one
} on the internet can even see it) and the nfs traffic goes over a
} private lan (meaning that no interfaces on the lan route traffic over
} to an internet public interface).
}
Exactly.. A no brainier.
--
Jeff Carnahan - jcarnahan@networq.com
