
Re: Allowing NFS to machines based on MAC (?)



On Saturday 12 October 2002 02:00, nate wrote:
> Kjetil Kjernsmo said:
> > Hi folks!
> >
> > Short version of the question:
> > How can I use the MAC address of certain machines to allow only those
> > machines to mount NFS exports using IPTables?
> >
> > It's in serverhosting, and I control it completely. My parents connect
> > to the net using ADSL, and there are currently two machines connecting
> > through a router running Coyote.
>
> MAC addresses are limited to your local LAN, you cannot resolve a
> MAC address from a remote network. all incoming traffic to your
> system will have the MAC of your router. To test this, install the
> arping utility and try pinging a few different things, it has the
> ability to translate MAC->IP address and IP address->MAC.

OK, so all the MACs I'll ever know are those I can find with arp -a?
I guess that pretty much kills that idea...

> not only that, NFS is dog slow over WAN, even at 1.5mbits (over VPN)
> it's unusable for me (same goes for SMB, dog slow).

Really? I once had NFS over a 128 kbits/s link, and it wasn't _that_ bad....

> > Or is this just a Very Bad Idea[tm]? I would be glad for all comments and
>
> I say stick to ftp, or if you want security I recommend SCP. at my
> last company I had the opportunity to re-do the security of the public
> servers and locked them down to RSA-only logins. I forced the dreamweaver
> people to use SCP to transfer their files. they bitched, but they
> understood the importance.

Well, yeah, I have a no-clear-text-passwords policy, and I'll definitely not 
abandon that. So, pure FTP was never an option at all. SCP is what they're 
using to upload files to my web server from a Windows laptop now.

Yet, this doesn't really feel like an option. It requires a few more steps 
than really should be needed and more concepts to be learned that should be 
superfluous... Hm, I think I'll go back to looking at webdav. After all, mod_dav 
is in woody, so the server side should be easy enough, but the client side is 
perhaps not that developed.

Best,

Kjetil
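
Added example, not part of the original message: a shell helper that prints (does not apply) iptables rules using the `mac` match to admit NFS only from listed LAN hosts, and refuses the router's own MAC because every routed packet arrives carrying it. The function names, `GATEWAY_MAC` and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: print iptables rules that admit NFS (port 2049) only from
# listed MAC addresses on the local segment. Nothing is applied to the firewall.
# Only nfsd's port is covered; rpcbind (111) and mountd need the same treatment.

GATEWAY_MAC="00:11:22:33:44:55"   # constructed: MAC of the LAN router

# Return 0 if $1 looks like a colon-separated 48-bit MAC address.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Upper-case hex digits so comparisons ignore case.
upper() {
    printf '%s' "$1" | tr 'a-f' 'A-F'
}

# nfs_mac_rules MAC...
# Prints ACCEPT rules per MAC (tcp and udp), then the closing DROP rules.
# Returns 1 on a malformed MAC, 2 if a MAC is the gateway's: allowing the
# gateway's MAC would allow every remote host routed through it.
nfs_mac_rules() {
    gw=$(upper "$GATEWAY_MAC")
    rules=""
    for mac in "$@"; do
        if ! is_mac "$mac"; then
            echo "invalid MAC: $mac" >&2
            return 1
        fi
        mac=$(upper "$mac")
        if [ "$mac" = "$gw" ]; then
            echo "refusing gateway MAC $mac: it matches all routed traffic" >&2
            return 2
        fi
        for proto in tcp udp; do
            rules="${rules}iptables -A INPUT -p $proto --dport 2049 -m mac --mac-source $mac -j ACCEPT
"
        done
    done
    for proto in tcp udp; do
        rules="${rules}iptables -A INPUT -p $proto --dport 2049 -j DROP
"
    done
    printf '%s' "$rules"
}

# Constructed sample: two LAN clients.
nfs_mac_rules 00:0c:29:aa:bb:01 00:0c:29:aa:bb:02
```

A source MAC can be set by any host on the same segment, so these rules narrow exposure on a LAN but do not authenticate the client.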



