From owner-freebsd-questions@FreeBSD.ORG Sat Jul 3 23:15:08 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B55A116A4CF for ; Sat, 3 Jul 2004 23:15:08 +0000 (GMT) Received: from enterprise.thenetnow.com (enterprise.thenetnow.com [65.39.193.152]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4B62843D48 for ; Sat, 3 Jul 2004 23:15:08 +0000 (GMT) (envelope-from gpeel@thenetnow.com) Received: from grant (hpeel.ody.ca [216.240.12.2])i63N7kA27580; Sat, 3 Jul 2004 19:07:46 -0400 (EDT) (envelope-from gpeel@thenetnow.com) Message-ID: <002301c46153$9302a360$6601a8c0@grant> From: "Grant Peel" To: "Chuck Swiger" References: <00ba01c460fe$d9cae910$6601a8c0@grant> <40E6FBF2.1060201@mac.com> Date: Sat, 3 Jul 2004 19:15:04 -0400 Organization: The Net Now MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1409 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409 cc: freebsd-questions@freebsd.org Subject: Re: NFS and Backups X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Grant Peel List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 03 Jul 2004 23:15:08 -0000 So, If I set the exports so that it used 192.168.x.x, and, my managed switch is only set to alow members of my vlan to use those IPs, I should be OK in that case? -Grant ----- Original Message ----- From: "Chuck Swiger" To: "Grant Peel" Cc: Sent: Saturday, July 03, 2004 2:33 PM Subject: Re: NFS and Backups > Grant Peel wrote: > > I have recently decided to use some extra disk space on one of my servers as > > backup space. I have NFS client and Servers running OK, but was wondering how > > secure it really is. > > NFS is not secure at all. If you don't trust the local subnet, don't use NFS > there. Certainly don't use NFS across the Internet, unless using a secure > tunnelling/VPN protocol.... > > > So if in my nfsd configuration, I specify a host called 'ahab' for example, > > how does the nfsd authenticate this host, and how secure is it? > > NFS doesn't authenticate the host. NFS trusts the resolver when reversing the > IP addr into a hostname. > > -- > -Chuck > >