Is NFS export r/o safe from lan to dmz?
I'v got my mp3 collection on my lan server, streamed on my home
network using mt-daapd. Now I'd like to make it accessible when I'm
at work. I'll use libapache2-mod-musicindex on my DMZ server to
stream the files, but need a way to make the files available to my
DMZ server to do so. I thougth that simply making an nfs export read
only from the lan to my dmz through a pinhole in my firewall should
work, but I'm concerned that nfs wouldn't be safe.
If the export would be r/o, what would be the risk of such a setup? I
don't mind some intruder to get access to my mp3's but it would be
less pleasant if I risk the safety of my lan server any further then
that. If there are risks, how could they be resolved? Are there other
ways to make the files available on my dmz other than nfs. (I don't
have the diskspace to keep a complete copy of all the files on the
dmz, so something involving rsync is out of the question).
There are only 10 kinds of people in the world, those who understand
ternary, those who don't, and those who mistake it for binary...