Re: [fw-wiz] NFS for NAS across FW or virt Interface in DMZ.
- From: Chuck Swiger <chuck@xxxxxxxxxxx>
- Date: Mon, 27 Mar 2006 06:35:17 -0500
Cary, Kim wrote:
Folks, if you had to have a single NAS system projected via NFS into
DMZ1 & DMZ2 from Firewall Zone 3 would you do this by providing NAS IP
inside DMZ1 & DMZ2 or by allowing sunrpc/nfs to cross the firewall from
specified hosts?
The NFS protocol is completely insecure. If you really need to do filesharing
between machines, then put those machines into the same subnet and security
zone, rather than disable your firewall to the extent of letting filesharing
pass through it.
(Alternatively, if your security requirements mandate that these machines be in
separate DMZ's or security zones, then your security requirements have indicated
that they shouldn't be sharing files with each other. :)
--
-Chuck
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Follow-Ups:
- Re: [fw-wiz] NFS for NAS across FW or virt Interface in DMZ.
- From: Marcus J. Ranum
- Re: [fw-wiz] NFS for NAS across FW or virt Interface in DMZ.
- References:
- [fw-wiz] NFS for NAS across FW or virt Interface in DMZ.
- From: Cary, Kim
- [fw-wiz] NFS for NAS across FW or virt Interface in DMZ.
- Prev by Date: Re: [fw-wiz] fun problem - possibly not possible
- Next by Date: Re: [fw-wiz] NFS for NAS across FW or virt Interface in DMZ.
- Previous by thread: [fw-wiz] NFS for NAS across FW or virt Interface in DMZ.
- Next by thread: Re: [fw-wiz] NFS for NAS across FW or virt Interface in DMZ.
- Index(es):
Relevant Pages
|
|
