Re: Allowing NFS to machines based on MAC (?)

["Miquel van Smoorenburg" <miquels@cistron.nl>]

In article <[🔎] 200210112333.34939.kjetil@kjernsmo.net>,
Kjetil Kjernsmo  <kjetil@kjernsmo.net> wrote:
>NFS is generally scary, but I have pretty much come to the conclusion that it 
>is the best choice, unless somebody screams here... :-) And _if_ this is 
>feasible: I have recorded the MAC addresses of all the ethernet cards on all 
>the boxes I have. Then, I thought about modifying the IPTables-based firewall 
>I have on my server so that these workstations can mount the NFS exports, but 
>drop packets from all other hosts. So, then we're back to the short question 
>again: How do I do that? 

You run a secure IP tunnel between the two systems; look for
"secure ip tunnel" on google.

Or you run something other than NFS, say sfs. See http://www.fs.net/
This is probably the easiest and most elegant solution.
>From the SFS homepage:

# Gain remote file access.  If you have a cable modem at home, maybe
  you would like to access a file server at work from your home (or vice
  versa). If you are collaborating with people at a different institution,
  sharing a common file system may be far more convenient than remotely
  logging into each other's machines all the time. Such file sharing
  examples are often impractical with existing file systems, either because
  of security concerns or because of the administrative hassles involved
  in coordinating the sharing. SFS is specifically designed to make file
  sharing across the Internet both secure and trivial to set up.

Mike.