Encrypted RPC and firewalling

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Thu Nov 10 12:50:39 UTC 2011


On Thu, 10 Nov 2011 09:56:51 +0100, Lasse Birnbaum Jensen said:
> I would like to know how you guys handle encrypted rpc across firewalls.

You can always just set the firewall to ban RPC in general, whether or not it's
encrypted (while you're there, close off ports 137-139 and other chucklehead
stuff like that), and just make the user who's outside the firewall VPN in.  That's
a nice, simple, well-understood configuration that almost all software and even
most users can handle.

(We don't actually do a big monolithic firewall box - but pretty much
everything has an iptables ruleset loaded that says "if your source IP isn't
inside our 2 /16s, your packets go bye bye".  And there's a nice PPTP-based VPN
solution in place that even a humanities professor emeritus can use ;)
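
Added example, not part of the original post or the poster's actual ruleset: a shell sketch that generates an `iptables-restore` ruleset of the kind described above, accepting new inbound traffic only from two campus /16s. The prefixes, the function names `is_slash16` and `gen_ruleset`, and the conntrack rule for return traffic are assumptions.

```shell
#!/bin/sh
# Added example. Prefixes are constructed placeholders, not the poster's networks.
CAMPUS_NETS="10.1.0.0/16 10.2.0.0/16"

# True only for a dotted-quad /16 network address with zero host bits.
is_slash16() {
    case "$1" in */16) ;; *) return 1 ;; esac
    addr=${1%/16}
    case "$addr" in *[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$3" -eq 0 ] && [ "$4" -eq 0 ]
}

# Print an iptables-restore ruleset; refuse anything that is not a /16,
# so a typo such as 0.0.0.0/0 cannot silently open the host.
gen_ruleset() {
    for net in "$@"; do
        is_slash16 "$net" || { echo "not a /16 network: $net" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    # Assumption beyond the post: let replies to this host's own
    # outbound connections back in.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for net in "$@"; do
        echo "-A INPUT -s $net -j ACCEPT"
    done
    # Everything else, including portmapper, dynamic RPC ports and
    # 137-139 from outside sources, falls through to the DROP policy.
    echo 'COMMIT'
}

gen_ruleset $CAMPUS_NETS
```

Piping the output to `iptables-restore --test` parses the ruleset without committing it.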
