From owner-freebsd-stable  Thu May 10 12: 6:43 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from tethys.valhalla.net (tethys.valhalla.net [195.26.32.112])
	by hub.freebsd.org (Postfix) with ESMTP id BAF6937B422
	for <freebsd-stable@FreeBSD.ORG>; Thu, 10 May 2001 12:06:36 -0700 (PDT)
	(envelope-from mark@tethys.valhalla.net)
Received: by tethys.valhalla.net (Postfix, from userid 500)
	id 1CF1C33009; Thu, 10 May 2001 20:06:36 +0100 (BST)
Date: Thu, 10 May 2001 20:06:36 +0100
From: Mark Drayton <mark.drayton@4thwave.co.uk>
To: freebsd-stable@FreeBSD.ORG
Subject: Re: nfs and ipfw
Message-ID: <20010510200636.B31701@tethys.valhalla.net>
Mail-Followup-To: freebsd-stable@FreeBSD.ORG
References: <200105101616.f4AGG2u97467@pau-amma.whistle.com> <Pine.SOL.4.30.0105100922130.22139-100000@argus.EECS.Berkeley.EDU>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <Pine.SOL.4.30.0105100922130.22139-100000@argus.EECS.Berkeley.EDU>; from mandric@EECS.Berkeley.EDU on Thu, May 10, 2001 at 09:37:22AM -0700
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Milan Andric (mandric@EECS.Berkeley.EDU) wrote:
> 
> On Thu, 10 May 2001, David Wolfskill wrote:
> 
> > Actually, if you want all UDP to flow unhindered, why bother with a
> > "firewall"??!?
> <newbie> to limit it by ip, and wouldn't a reverse lookup keep people
> from spoofing?  </newbie>
> 
> vpn is not currently an option here, so how else does one deal with
> nfs? Isn't it the most common way to share in unix environments?  So
> it's probably a common problem.  How do we deal with it sanely?  If
> the answer is "don't use it."  i'll accept that.. but it's not very
> helpful to those that are hooked.

NFS is a useful way of sharing files between machines, but these
machines are usually on the same network which is all behind one
firewall. It's not normailly used to share data between sites over the
internet. Depending what you want to do, rsync is a good way of
replicating data between machines. It'll run over ssh for encryption and
it would be easy to open a single port on your firewall to allow it.
rsync is in the ports.

Cheers,

-- 

Mark Drayton

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message