[lug] Silly Question

Holshouser, David dholshou at ball.com
Thu Oct 4 10:42:11 MDT 2001 

You asked for details. I hope the ascii art comes across ok.


The way my network stands now, I have a linux box acting as web, NAT, samba,

firewall, user space, on a network not under my direct control. 
It is hosting my domain and I want to move it to my place once I get a fat
pipe.

 /--\__/--\   _______   _______       /----win
/Internet /---|cable|---|linux|---hub+-----mac
\---\__/--    |modem|   | box |       \----win


That box will move closer to me and I will set up Sprint wireless.
I want to offer my brother and his wife (both inexperienced) the 
same transparancy that they have now to use their web/file/network 
storage space as before without relocating their user space to the 
new gateway machine I'll build for their network.

 /--\__/--\   _______   _______       /----win
/         /---|cable|---|linux|---hub+-----mac  Brother's Network
\  sNFS* |    |modem|   | box |       \----win
 | across|
 /Internet\   __________   _______       /----lin
/         /---| Sprint |---|linux|---hub+-----lin      My Network
\---\__/--    |Wireless|   | box |      |...
                                        |-----lin

* sNFS alludes to my hopes of a secure NFS.

So I want to mount his box to my local /home (as well as say, /mp3) so that
we can be VPN'd in a way. Is VPN a solution? How secure? How difficult?



> -----Original Message-----
> From: Kyle Moore [mailto:kmoore at mooreimages.com]
> Sent: Thursday, October 04, 2001 10:23 AM
> To: 'lug at lug.boulder.co.us'
> Subject: RE: [lug] Silly Question
> 
> 
> NFS insecure? Is that why some people call it Not For 
> Security rather than
> Network Filesystem? And don't forget my favorite, NIS. It stands for
> Network Intruder Service rather than Network Information Service.
> 
> Seriously though...I would recommend reading this before 
> implementing it. 
> http://www.sans.org/infosecFAQ/unix/nfs_security.htm
> 
> My take on NFS is like most other services. Don't use them if 
> you don't
> need them. And if you do use them make sure they are configured
> properly. 
> 
> Perhaps more detail on what problem you are trying to solve by sharing
> filesystems over the internet would be helpful for us to suggest the
> appropriate solution. I sure wouldn't try to share info over 
> the internet
> with plain NFS. However, depending on your situation, it is 
> probably fine
> for a secure local network.
> 
> ---
> Kyle Moore
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>

More information about the LUG mailing list