Subject: Re: restricting NFS (and associated services) to one IP address
To: NetBSD Users's Discussion List <netbsd-users@NetBSD.org>
From: Christian Biere <christianbiere@gmx.de>
List: netbsd-users
Date: 10/09/2006 19:43:48
Steven M. Bellovin wrote:
> On Mon, 9 Oct 2006 10:21:57 -0700, Chuck Swiger <cswiger@mac.com> wrote:
> Who said anything about routing, firewalls, or NAT?  Not I.
> 
> The situation is more like this.  I have several machines A, B, and C
> that are exposed to the Internet.  They also need to share files among
> themselves via NFS, on a separate LAN.  I want to make sure that nasty
> packets don't get to the NFS-related services on these machines.  I
> could, I suppose, create machine D, which is only on the back end LAN; it
> could be the common file server.  For various reasons, that's not an
> ideal solution, though I may resort to it.  It also leaves open the
> question of keeping fake responses away from the NFS clients on A, B, and
> C.

What about a VLAN or a virtual private LAN dedicated to NFS?

-- 
Christian