Re: Allowing NFS to machines based on MAC (?)
Kjetil Kjernsmo said:
> Hi folks!
> Short version of the question:
> How can I use the MAC address of certain machines to allow only those
> machines to mount NFS exports using IPTables?
> It's in serverhosting, and I control it completely. My parents connect
> to the net using ADSL, and there are currently two machines connecting
> through a router running Coyote.
MAC addresses are limited to your local LAN; you cannot resolve a
MAC address from a remote network. All incoming traffic to your
system will have the MAC of your router. To test this, install the
arping utility and try pinging a few different things; it has the
ability to translate MAC->IP address and IP address->MAC.

Not only that, NFS is dog slow over WAN; even at 1.5mbits (over VPN)
it's unusable for me (same goes for SMB, dog slow).
> Or is this just a Very Bad Idea[tm]? I would be glad for all comments and
I say stick to ftp, or if you want security I recommend SCP. At my
last company I had the opportunity to re-do the security of the public
servers and locked them down to RSA-only logins. I forced the Dreamweaver
people to use SCP to transfer their files. They bitched, but they
understood the importance.
Another option is to tunnel NFS/TCP over SSH, but that would still
be dog slow, I'm sure. Or establish a VPN between you and them (vtun
works great in my experience, very easy to set up and very NAT friendly).
But I think ftp or scp would be best.
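
Added illustration, not part of the original message: a small model of why a MAC-based filter rule on the hosted server can never match a client behind the home router. Every hop rewrites the Ethernet source address, so the server only sees its own gateway's MAC. All MAC/IP addresses, the hop list and the function names are constructed for the example.

```python
"""Model of link-layer rewriting along a routed path (constructed values)."""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Frame:
    src_mac: str   # link-layer source, meaningful only on the current segment
    src_ip: str    # network-layer source, carried end to end unless NATed
    dst_port: int


@dataclass(frozen=True)
class Router:
    egress_mac: str    # MAC of the interface the frame leaves from
    nat_ip: str = ""   # non-empty when the router masquerades (home NAT)

    def forward(self, frame: Frame) -> Frame:
        # Routing discards the old Ethernet header and builds a new one,
        # so the source MAC always becomes the router's own.
        return replace(frame, src_mac=self.egress_mac,
                       src_ip=self.nat_ip or frame.src_ip)


def deliver(frame: Frame, path: list) -> Frame:
    """Return the frame as it arrives after crossing every hop in path."""
    for hop in path:
        frame = hop.forward(frame)
    return frame


def mac_rule_accepts(frame: Frame, allowed_macs: set) -> bool:
    """What a MAC allowlist on the receiving host has to decide with."""
    return frame.src_mac in allowed_macs


# Constructed sample topology: home NAT router -> ISP -> server's gateway.
CLIENT_A = "02:00:00:aa:00:01"
CLIENT_B = "02:00:00:aa:00:02"
PATH = [Router("02:00:00:bb:00:01", nat_ip="198.51.100.7"),
        Router("02:00:00:cc:00:01"),
        Router("02:00:00:dd:00:01")]


def seen_at_server(client_mac: str, client_ip: str) -> Frame:
    return deliver(Frame(client_mac, client_ip, 2049), PATH)  # 2049 = NFS


if __name__ == "__main__":
    for mac, ip in [(CLIENT_A, "192.168.0.10"), (CLIENT_B, "192.168.0.11")]:
        arrived = seen_at_server(mac, ip)
        print(mac, "->", arrived, "allowed:", mac_rule_accepts(arrived, {mac}))
```

Both home machines arrive with the same source MAC and, because of the NAT, the same source IP, so neither field can tell them apart at the server.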