[buug] Secure NFS?
Jerry Asher
jerry-sourceforge at theashergroup.com
Tue Feb 18 14:34:05 PST 2003
> Here is my network map:
>
>
> ADSL router
> |
> \_______________________________________________
> | |
> feeling.weak.org weak.org
> | |
> Wireless Wired
> NAT NAT
> Network Network
>
> weak.org is the file server. feeling.weak.org is the NAT
> router/firewall. The hosts that want to mount files from weak.org are on
> the wired NAT network. The wireless NAT network is freely accessible to
> anyone.
>
> Since both NAT networks present the same IP address to the outside world
> (and thus to the fileserver), I can't just block the IP of the router.
> I could block outbound NFS traffic from the wireless NAT
> network, but that seems kludgey.
>
> My solution is to add a second ethernet card to weak.org into the wired
> NAT network.
>
> It's a shame NFS is the best working network file system in OS/X,
> because it's crap for security.
>
> -Jon
> _______________________________________________
> Buug mailing list
> Buug at weak.org
> http://www.weak.org/mailman/listinfo/buug
Is feeling.weak.org running Linux? If so, would a CIPE tunnel between
your wired network and weak.org suit your needs?
Jerry
More information about the buug
mailing list