[SlugBug] sharing a file system between a DMZ and private network.

Chris J cej at nightwolf.org.uk
Tue Sep 30 12:49:23 BST 2003


And Lo! The Great Prophet "David Holden" uttered these words of wisdom:
>
> The typical firewall setup is private/DMZ/public. Does anyone know of ways
> of addressing the problem of machines in the DMZ accessing file systems
> located on machines in the private area and vice versa? I know it would be
> possible to configure NFS access between the two but this involves opening
> quite a few ports, anyone know of other ways of addressing this problem?
>


Set up an SSH tunnel? This way you only need one port open (the SSH port)
and all the traffic will be tunneled between the SSH endpoints. SSH does
allow port tunneling as a standard feature, so in some respects it can be
seen as a weak point in a firewall (for instance, I can run PuTTY here at
work to connect to my machine at home, and set up a tunnel so remote port
4000 connects to local port 23, thus doing "telnet localhost 4000" on the
home machine would allow me to come in through the firewall, even though
the firewall blocks incoming connections - everything gets tunneled
through the outgoing SSH connection. Killing PuTTY though will close the
tunnel).

SSH tunneling is powerful, and also gives you the added benefit of having
the channel encrypted, which may be a bonus if you're going to do NFS over
a public network :)

Another way is to look into configuring a VPN. But I've never done that so
couldn't point you at anywhere to start :)

Chris...

-- 
\ Chris Johnson                 \
 \ cej at nightwolf.org.uk          \
  \ http://cej.nightwolf.org.uk/  ~-----------------------------------+
   \ Redclaw chat - http://redclaw.org.uk - telnet redclaw.org.uk 2000 \____
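
Added example, not part of the post above: a small audit of an sshd_config for the forwarding behaviour the reply describes, so the SSH endpoint used for a DMZ-to-private tunnel permits only the one forward it needs. The function names, the sample configs and the NFS target 127.0.0.1:2049 are assumptions made for illustration; only the global section is read, not Match blocks.

```python
# Added example (not from the original post): audit sshd forwarding settings.
DEFAULTS = {  # OpenSSH behaviour when the keyword is absent
    "allowtcpforwarding": "yes",
    "gatewayports": "no",
    "permitopen": "any",
    "permittunnel": "no",
}

def effective_global(config_text):
    """Global settings only: sshd keeps the first value seen for a keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        key, value = parts[0].lower(), " ".join(parts[1:]).lower()
        if key == "match":  # per-user/host overrides are out of scope here
            break
        seen.setdefault(key, value)
    return {**DEFAULTS, **seen}

def audit(config_text):
    """Return a list of findings about port forwarding through this sshd."""
    cfg = effective_global(config_text)
    fwd = cfg["allowtcpforwarding"]
    findings = []
    if fwd in ("yes", "all", "remote"):
        findings.append("remote forwards allowed (the post's 4000 -> 23 case)")
    if fwd in ("yes", "all", "local") and cfg["permitopen"] == "any":
        findings.append("local forwards may target any host:port")
    if cfg["gatewayports"] != "no":
        findings.append("forwarded ports may listen on non-loopback addresses")
    if cfg["permittunnel"] != "no":
        findings.append("tun device forwarding enabled")
    return findings

# Constructed samples: a config that leaves everything at defaults, and one
# restricted to a single local forward to NFS (TCP 2049 is an assumption).
DEFAULT_CONFIG = "Port 22\nPasswordAuthentication no\n"
RESTRICTED_CONFIG = """\
AllowTcpForwarding local
PermitOpen 127.0.0.1:2049
GatewayPorts no
PermitTunnel no
"""

if __name__ == "__main__":
    for name, text in (("default", DEFAULT_CONFIG), ("restricted", RESTRICTED_CONFIG)):
        print(name, audit(text) or "no forwarding findings")
```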


