RE: NFS Over Private Network
From: Thomas Lindsay (lindsayt_at_socsci.umn.edu)
Date: 03/25/04
- Previous message: Leeds, Daniel: "RE: NFS Over Private Network"
- In reply to: Leeds, Daniel: "RE: NFS Over Private Network"
- Next in thread: Randy Williams: "RE: NFS Over Private Network"
- Reply: Randy Williams: "RE: NFS Over Private Network"
- Reply: John Rowan Littell: "RE: NFS Over Private Network"
- Reply: dreamwvr_at_dreamwvr.com: "Re: NFS Over Private Network"
- Reply: Luc I. Suryo: "Re: NFS Over Private Network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 24 Mar 2004 22:52:46 -0600 (CST) To: "Leeds, Daniel" <dleeds@amgen.com>
To what degree does this solution *protect* the share itself? Is there a
way to tie the server share to a given interface, or better yet, bind nfsd
itself to a specific interface? Call me paranoid, but I don't trust the
builtin security mechanisms of nfs too far, especially considering the
vulnerability rates of some Solaris rpc services in recent years.
If nfsd cannot be specifically bound to a given interface (and hence not
bound to others), then a private network between two machines will serve
only to prevent man-in-the-middle types of attacks but still leaves the
data vulnerable to any attack on the nfs server itself through the public
interfaces.
Ideas?
Thomas Lindsay
UNIX systems administrator
Social Science Research Facility
University of Minnesota
On Wed, 24 Mar 2004, Leeds, Daniel wrote:
> should be simple. you can either cross connect the two machines secondary
> interfaces or plug each interface into a seperate VLAN/switch/hub.
>
> setup the ip's on each machine and hosts/dns entries as needed. verify
> connectivity via ping etc between the hosts.
>
> setup NFS as normal but mount via the private VLAN. so if hosta and hostb
> are primary and hosta-priv and hostb-priv are the new private network links
> your mount scenario would be:
>
> on host a: mount hostb-priv:/export /export
> on host b: mount hosta-priv:/export /export
>
> etc etc etc.
>
> --daniel
>
>
> > -----Original Message-----
> > From: Michael Wright [mailto:cshelp@plu.edu]
> > Sent: Wednesday, March 24, 2004 1:45 PM
> > To: focus-sun@securityfocus.com
> > Subject: NFS Over Private Network
> >
> >
> > Hi, I have two Sun Servers (one running Solaris 8 the other
> > Solaris 9).
> > I would like to try and setup the machines so that I can use
> > NFS over a
> > private network between the two machines using their second
> > NIC cards.
> > Is this possible? Any information and suggestions would be greatly
> > appreciated. Also, do I have to set anything special for the NICs as
> > far as routing is concerned?
> >
> > Thanks,
> >
> > Michael
> >
> > PS: I know something like this was on the list previously, but I
> > couldn't find any response to the question, so I'm asking again.
> > --
> > Michael Wright
> > Technical Support Specialist
> > Computer Science and Engineering
> > email:wrightmj@plu.edu
> > Pacific Lutheran University
> > phone: 253-535-7408
> > Tacoma, WA 98447-0003 fax: 253-535-8700
> >
>
- Previous message: Leeds, Daniel: "RE: NFS Over Private Network"
- In reply to: Leeds, Daniel: "RE: NFS Over Private Network"
- Next in thread: Randy Williams: "RE: NFS Over Private Network"
- Reply: Randy Williams: "RE: NFS Over Private Network"
- Reply: John Rowan Littell: "RE: NFS Over Private Network"
- Reply: dreamwvr_at_dreamwvr.com: "Re: NFS Over Private Network"
- Reply: Luc I. Suryo: "Re: NFS Over Private Network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
