From owner-freebsd-isp Mon Feb 17 10:45:58 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id KAA05529 for isp-outgoing; Mon, 17 Feb 1997 10:45:58 -0800 (PST) Received: from super-g.inch.com (super-g.com [204.178.32.161]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id KAA05523 for ; Mon, 17 Feb 1997 10:45:53 -0800 (PST) Received: from localhost (spork@localhost) by super-g.inch.com (8.8.5/8.6.9) with SMTP id NAA10851 for ; Mon, 17 Feb 1997 13:50:09 -0500 (EST) Date: Mon, 17 Feb 1997 13:50:09 -0500 (EST) From: spork X-Sender: spork@super-g.inch.com To: freebsd-isp@freebsd.org Subject: closed NFS network Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-isp@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Hi, I'm trying to patch together a small 100M ether network for NFS traffic between our POP server and shell server (and in the future, additional shell machines). NFS looked like a good way to tackle this, as we can have the shell machine die, and PPP users can still do most everything but shell; our shell accounts are strictly a value-add. Also, future shell machines could go on the same network and access the same mail spool that resides on the POP machine, and they could export /home out to the web server as well. In the interest of security, it seems like putting NFS on a seperate, closed network is a bit safer. My questions then are: 1. Am I on the right track? It seems this is safer and faster than sharing the existing ethernet, and we've got the spare 100M cards. 2. Is there any value in using "inside" addresses (10.x.x.x) on these cards to further confuse someone trying to spoof one of these addresses? 3. So far, I've been unsuccessful in figuring out exactly how to explicitly state that the machine I'm exporting too is out on another network. I'm close, but I'm definetly missing something here... Any info is appreciated... Charles