Chris G wrote:
On Wed, Mar 26, 2008 at 11:44:58PM +0900, John Summerfield wrote:
Tim wrote:
On Wed, 2008-03-26 at 09:53 -0400, Tom Horsley wrote:
can't believe how widely used NFS is, because it is the source of
endless problems for me. I've never seen it work with any kind of
reliability at all. One thing I'll say for samba is that the data
actually seems to show up correctly on the other side :-).
I've had the opposite. Samba stalling and transferring at a rate slower
than I can retype a file. Samba never managing to connect to the other
side. The hassles of manually setting up each user. The hassles of
file permissions and ownership getting screwed up in transit. Compared
to NFS working without pain.
Though, I have to say that my painless NFS server is on a FC4 machine,
and that works fine. I've found I've had to manually mess with
firewalling to get it to work through anything higher than FC4.
I'm surprised you don't need to with FC4. It's actually fairly simple.
[root@xxxxxxxxxxxxx sysconfig]# cat nfs
LOCKD_TCPPORT=32768
LOCKD_UDPPORT=32788
RQUOTAD_PORT=621
MOUNTD_PORT=640
Surely a far easier approach to the firewall issues is to remove the
firewall completely to the interface between your LAN and the outside
world. I just turn the firewall off on all the systems on my LAN and
the router firewall is set up to give me the security I want. It
simplifies maintenance too because there is only one firewall to set
up and systems behind the firewall can be as lax as they like and be
re-installed frequently without problems.
I have several subnets at school (students, staff) and at home
(different physical locations). Traffic between subnets is filtered.
My firewalls filter traffic both ways. Should you actually manage to
install malware inside my LAN, it might be able to do spam _if_ it can
contact an IRC bot, but it probably can't do that, and certainly
portscanning the world will be difficult.
If you run a web server or a whois server on a non-standard port, the
odds are good I won't visit your server.
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)