Cary, Kim wrote:
> Folks, if you had to have a single NAS system projected via NFS into
> DMZ1 & DMZ2 from Firewall Zone 3 would you do this by providing NAS IP
> inside DMZ1 & DMZ2 or by allowing sunrpc/nfs to cross the firewall from
> specified hosts?


The NFS protocol is completely insecure. If you really need to do filesharing
between machines, then put those machines into the same subnet and security
zone, rather than disable your firewall to the extent of letting filesharing
pass through it.

(Alternatively, if your security requirements mandate that these machines be in
separate DMZs or security zones, then your security requirements have indicated
that they shouldn't be sharing files with each other.)

--
-Chuck
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/li...rewall-wizards