NFS mounts: security hole on firewall?

To: debian-firewall@lists.debian.org
Subject: NFS mounts: security hole on firewall?
From: Robert Guthrie <rguthrie@pobox.com>
Date: Sat, 17 Feb 2001 11:53:16 -0600
Message-id: <[🔎] 01021711531600.01083@harp>

I know this is probably a stupid question, but I'm trying to be paranoid and 
leave nothing to chance.  If I'm NOT running an nfs server of any kind on my 
firewall, but I am mounting an nfs share from my private network to my 
firewall, am I opening myself up to any big security risks?  I plan to lock 
down all incomming port connections below 1024, except for sshd's port.

I want to be able to parse /var/log and display annomolies in an 
internal-only web-page, and I thought it'd be safer & faster if I did it on 
my server (dual celeron), rather than my firewall (486).

You don't have to qualify your answers with any of the following scenearios:
o Firewall is compromised from other security hole.
o Weird networking/kernel bug not related to nfs directly
o Acts of root ("God, root; what is difference?")
o Local security problems.  I can trust my wife not hack from within our 
house ;-)


-- 
Bedfellows make strange politicians.

Reply to:

Follow-Ups:
- Re: NFS mounts: security hole on firewall?
  - From: Brian Russo <brusso@phys.hawaii.edu>
- Re: NFS mounts: security hole on firewall?
  - From: Arjen Krap <arjen@krap.demon.nl>

Prev by Date: Re: Port forwarding OpenSSH: firewalled box open to non-ssh exploits?
Next by Date: Re: NFS mounts: security hole on firewall?
Previous by thread: Re: Port forwarding OpenSSH: firewalled box open to non-ssh exploits?
Next by thread: Re: NFS mounts: security hole on firewall?
Index(es):
- Date
- Thread