From: Garrett Cooper
Date: Thu, 11 Jan 2007 14:04:20 -0800
To: freebsd-questions@freebsd.org
Subject: Re: Firewalls and RPC (was "Re: Improvement to IPFilter / nfsd in FBSD (6.2+?)")
Message-ID: <45A6B464.5080107@u.washington.edu>

Chuck Swiger wrote:
> You really don't want to mix machines which are trusted with machines
> which are not trusted on the same subnet. If you can't control which
> client machines get which IPs, you pretty much cannot use firewall rules
> to restrict filesharing only to the legit clients.

Excellent point.

> Perhaps you should consider setting up your own private subnet for your
> machines, and having a firewall guarding access to your machines which
> performs static NAT for the set of five IP addresses you've made claim to.

I'm really starting to think that'd be a good idea. Thanks again for the
comments--it really helps.

-Garrett