    Hi Michael,

    At the least I would replace the SUN portmapper with the one from the
    TCPwrappers suite. This will allow you to restrict access
    (/etc/hosts.allow) on the IP level to portmap and therefore to some
    services. For the NIC setup, use a separate subnet to the main interface
    and disable IP forwarding. It should not be possible for someone on the
    main network to send traffic to the private network. Some people use
    IPv6 on the backend if their front end only supports IPv4.

    You might also consider using a VPN tunnel or encrypting the NFS traffic
    between the boxes (stunnel, cipe, ssh, etc.) to avoid NFS being visible on
    the wire.

    If all the RPC & NFS traffic is on the backend segment and no IP
    forwarding is permitted on the hosts, then MITM attacks on NFS from the
    front end network should not be possible.

    I would consider if NFS is really necessary; wherever possible, don't use
    it. Maybe shared drive arrays are a better solution; they are certainly
    more reliable.



    Hi, I have two Sun Servers (one running Solaris 8 the other Solaris 9).

    I would like to try and set up the machines so that I can use NFS over a
    private network between the two machines using their second NIC cards.
    private network between the two machines using their second NIC cards.
    Is this possible? Any information and suggestions would be greatly
    appreciated. Also, do I have to set anything special for the NICs as
    far as routing is concerned?



    PS: I know something like this was on the list previously, but I
    couldn't find any response to the question, so I'm asking again.


