Re: [fw-wiz] NFS for NAS across FW or virt Interface in DMZ.

Cary, Kim wrote:
Folks, if you had to have a single NAS system projected via NFS into
DMZ1 & DMZ2 from Firewall Zone 3 would you do this by providing NAS IP
inside DMZ1 & DMZ2 or by allowing sunrpc/nfs to cross the firewall from
specified hosts?

The NFS protocol is completely insecure. If you really need to do filesharing
between machines, then put those machines into the same subnet and security
zone, rather than disable your firewall to the extent of letting filesharing
pass through it.

(Alternatively, if your security requirements mandate that these machines be in
separate DMZ's or security zones, then your security requirements have indicated
that they shouldn't be sharing files with each other. :)

firewall-wizards mailing list