Date: Mon, 17 Feb 1997 13:50:09 -0500 (EST) From: spork <spork@super-g.com> To: freebsd-isp@freebsd.org Subject: closed NFS network Message-ID: <Pine.BSF.3.95.970217134341.10802A-100000@super-g.inch.com>
next in thread | raw e-mail | index | archive | help
Hi, I'm trying to patch together a small 100M ether network for NFS traffic between our POP server and shell server (and in the future, additional shell machines). NFS looked like a good way to tackle this, as we can have the shell machine die, and PPP users can still do most everything but shell; our shell accounts are strictly a value-add. Also, future shell machines could go on the same network and access the same mail spool that resides on the POP machine, and they could export /home out to the web server as well. In the interest of security, it seems like putting NFS on a seperate, closed network is a bit safer. My questions then are: 1. Am I on the right track? It seems this is safer and faster than sharing the existing ethernet, and we've got the spare 100M cards. 2. Is there any value in using "inside" addresses (10.x.x.x) on these cards to further confuse someone trying to spoof one of these addresses? 3. So far, I've been unsuccessful in figuring out exactly how to explicitly state that the machine I'm exporting too is out on another network. I'm close, but I'm definetly missing something here... Any info is appreciated... Charles
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95.970217134341.10802A-100000>