Firewall Wizards mailing list archives
Re: NFS for NAS across FW or virt Interface in DMZ.
From: Chuck Swiger <chuck () codefab com>
Date: Mon, 27 Mar 2006 06:35:17 -0500
Cary, Kim wrote:
Folks, if you had to have a single NAS system projected via NFS into DMZ1 & DMZ2 from Firewall Zone 3 would you do this by providing NAS IP inside DMZ1 & DMZ2 or by allowing sunrpc/nfs to cross the firewall from specified hosts?
The NFS protocol is completely insecure. If you really need to do filesharing between machines, then put those machines into the same subnet and security zone, rather than disable your firewall to the extent of letting filesharing pass through it. (Alternatively, if your security requirements mandate that these machines be in separate DMZ's or security zones, then your security requirements have indicated that they shouldn't be sharing files with each other. :) -- -Chuck _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- NFS for NAS across FW or virt Interface in DMZ. Cary, Kim (Mar 26)
- Re: NFS for NAS across FW or virt Interface in DMZ. Chuck Swiger (Mar 27)
- Re: NFS for NAS across FW or virt Interface in DMZ. Marcus J. Ranum (Mar 28)
- Re: NFS for NAS across FW or virt Interface in DMZ. Chuck Swiger (Mar 27)