Networker

Re: [Networker] RPC on a client outside the firewall

2004-04-29 11:42:34
Subject: Re: [Networker] RPC on a client outside the firewall
From: Rich Bonfoey <Rich.Bonfoey AT MAIL.TRIBNET DOT COM>
To: NETWORKER AT LISTMAIL.TEMPLE DOT EDU
Date: Thu, 29 Apr 2004 08:42:11 -0700
Roy

Thanks for the tip.  We do use vpn quite a bit.  Do you know if you take any
kind of performance hit using vpn or is it so small it's not worth sweating?

Rich

-----Original Message-----
From: Roy Kidder [mailto:RoyKidder AT YAHOO DOT COM]
Sent: Wednesday, April 28, 2004 8:02 PM
To: NETWORKER AT LISTMAIL.TEMPLE DOT EDU
Subject: Re: [Networker] RPC on a client outside the firewall

A slightly more complicated, but far more secure option is to use a
point-to-point vpn connection between the client outside the firewall and
the server inside the firewall. Many vpn solutions (I use vpnd,
sunsite.dk/vpnd) allow you to tunnel all your traffic (regardless of what
it is) over a single, encrypted tcp port, which usually satisfies network
and security folks, and still allows relatively unfettered access to
network services.

Hope that helps,
Roy



Stan Horwitz said:
> On Wed, 28 Apr 2004, Rich Bonfoey wrote:
>
>>Hey there
>>
>>We have a client ( running Solaris 8 ) that we would like to back up to our
>>server ( Solaris 8).  The client is outside the firewall.  Our internet guy
>>has RPC turned off ( security hole ) .  The server gets a 'Connection Timed
>>Out'.  I am assuming that because of the RPC being off it can't make a
>>connection.  Is there a way around using RPC ?  If not is there a more
>>secure RPC ?
>
> Your network guy is foolish. What should be turned off on Unix systems is
> portscanner. There's no need to turn rpc off completely. Further, it is
> also possible to configure select ranges of tcp/ip ports for NetWorker to
> use in backing up individual clients. This is described in the NetWorker
> administration guide.
>
> There are probably other options, but following the details under
> the firewall section of the admin guide is probably the best option.
>
> --
> Note: To sign off this list, send a "signoff networker" command via email
> to listserv AT listmail.temple DOT edu or visit the list's Web site at
> http://listmail.temple.edu/archives/networker.html where you can
> also view and post messages to the list.
> =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
>
