[ic] hardware for Interchange

Jeff Carnahan interchange-users@lists.akopia.com
Mon Jul 9 21:43:01 2001


} The other downside is that nfs just isn't secure.  Unless you are
} tunneling nfs through an ssh session, your data is exposed.  Unless
} you are running nfs on a private lan, your data is probably exposed.
} Unless you are running both boxes behind the same firewall that blocks
} portmapper and other nfs ports, your data is probably exposed.  nfs
} was pretty cool for its time, but in the world as we know it today
} it's just not secure.
}

A private LAN (no firewall necessary) should be fairly easy to set up. Simply
invest in two extra NIC cards for both machines, a switch to connect them
and assign private IPs to those two NICs. Now route all NFS traffic over
that private network. Adding more machines is a snap: just plug them into
the switch dedicated to the private network.

If you have two boxes, this should cost you less than $150 to implement.

} nfs still works pretty well in special circumstances.  namely the nfs
} server is never addressable from outside the firewall (meaning no one
} on the internet can even see it) and the nfs traffic goes over a
} private lan (meaning that no interfaces on the lan route traffic over
} to an internet public interface).
}

Exactly. A no-brainer.

--
Jeff Carnahan - jcarnahan@networq.com
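
Added example, not part of the original message: one way to check that an NFS server only exports to the private LAN described above is to audit /etc/exports for any client that is not an RFC 1918 address or network. The sample exports content, paths and addresses below are constructed for illustration, and the parser assumes simple one-line entries (no quoted paths or line continuations).

```python
import ipaddress

# RFC 1918 private ranges; anything else is treated as potentially reachable.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample /etc/exports content (not from the original post).
SAMPLE_EXPORTS = """\
# catalog data shared between the two boxes
/var/lib/interchange  192.168.10.0/24(rw,sync)
/home/shared          10.0.0.5(ro) *.example.com(ro)
/srv/public           *(ro)
/srv/open
/srv/mixed            203.0.113.0/24(rw) 192.168.10.2(rw)
"""

def client_is_private(client):
    """True only if the client spec is an IPv4 address/network inside RFC 1918."""
    try:
        net = ipaddress.ip_network(client, strict=False)
    except ValueError:
        # Hostname, wildcard, netgroup or empty spec: cannot be proven private.
        return False
    return net.version == 4 and any(net.subnet_of(r) for r in RFC1918)

def audit_exports(text):
    """Return (path, client) pairs for exports not limited to private ranges."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *clients = line.split()
        if not clients:
            # A path with no client list is exported to every host.
            findings.append((path, "(any host)"))
        for spec in clients:
            client = spec.split("(", 1)[0]    # strip the "(options)" suffix
            if not client_is_private(client):
                findings.append((path, client or "(any host)"))
    return findings

if __name__ == "__main__":
    for path, client in audit_exports(SAMPLE_EXPORTS):
        print(f"NOT private-only: {path} -> {client}")
```

An empty result means every export is pinned to a private address or network; it does not show that the private interfaces are unrouted from the public side, which still has to be checked on the hosts themselves.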