[CS-FSLUG] NFS Scenarios

Fred Miller fmiller at lightlink.com
Mon Nov 8 10:09:28 CST 2004

On Sunday November 7 2004 9:18 pm, Don Parris wrote:


> I am aware there are security issues with NFS, but wasn't sure exactly
> what was involved.  I am also aware that NIS is insecure by design.  I
> would rather use LDAP in my case, as it offers a more secure solution
> than NIS.  I mainly was curious about how to implement a sensible NFS
> configuration.  I will read up on the articles pointed out to me in
> your responses so far, and return with any further questions.  Thanks
> for the input.

Don, you can negate much of the security risk by having a switch or router on 
the "outside" of your LAN that has a configurable firewall. You set it up so 
that NFS is BLOCKED on the WAN side and only allowed on the LAN. You can also 
have a Linux server on the inside of the router/switch that does the same 
thing. I'm "double firewalled" here, but don't use NFS.

Hope this helps,


"Democracy is two wolves and a lamb voting on what to 
have for lunch. Liberty is a well-armed lamb contesting the
vote." - Benjamin Franklin 1759

More information about the Christiansource mailing list