[stunnel-users] NFS over stunnel
bri at stunnel.org
Sun Nov 18 16:56:02 CET 2007
Near 2007-11-16 12:18 -0600, Andy Wettstein spake:
> I wrote a document about how I am running NFS over stunnel. Using some
> firewall rules I was able to eliminate most of the complications for
> using secure NFS. It could probably use more detailed explanations, but
> the scripts I am using are all there.
The server allows rw access to localhost. Since stunnel will be showing
each incoming packet from localhost, this is the only IP you can use.
On the clients, you're listening on localhost (127.0.0.0/8 is all,
effectively, local.) You cannot distinguish the official mounts on
the clients from any random user running their own daemons.
This means anyone on any client can access this NFS directory as
any user, since the NFS model is purely client based userid/groupid
This is my first worry, but the rest of the writeup looks very detailed.
Not sure how well the server will handle multiple NFS mounts from the
same IP (localhost, no matter how many acutal clients.)
Brian Hatch He is no lawyer who
Systems and cannot take two sides.
Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: Digital signature
More information about the stunnel-users