contact at winterei.se
Mon Jun 2 12:23:36 UTC 2014
On 6/2/2014 午後 09:19, Andrew Latham wrote:
> I use OpenVPN to access an Admin/sandboxed network with insecure portals,
> wiki, and ipmi.
> On Jun 2, 2014 7:13 AM, "Randy Bush" <randy at psg.com> wrote:
>> so how to folk protect yet access ipmi? it is pretty vulnerable, so 99%
>> of the time i want it blocked off. but that other 1%, i want kvm
>> console, remote media, and dim sum.
>> currently, i just block the ip address chunk into which i put ipmi at
>> the border of the rack. when i want access, i reconfig the acl. bit of
>> a pita.
>> anyone care to share better idea(s)? thanks.
On most ATEN chip based BMC boards from Supermicro, it includes a UI to
iptables that works in the same way.
You could put it on a public net, allow your stuff and DROP 0.0.0.0/0.
But unless you have servers with those, I think the best way to go is
putting them on internal IPs and then using some sort of a VPN.
More information about the NANOG