Pushing from the NT box to the FTP bastion host is what we do for outbound ( ftp put ).
I want to severely restrict inbound traffic from bastion FTP box. I was having the NT box poll the bastion FTP server and then simply pull data in with a get - but there are synchronization issues that I am worried about ( user doing a put while internal box is doing a get. )
There are other solutions that might work - but I thought the Netapp might provide a simple solution - assuming it would not be potential break-in point.
James A. Klun   Sterling Commerce   4600 Lakehurst Ct.   Dublin, Oh 43016
jklun@stercomm.com   614-793-7183 voice   614-793-7092 fax
---- "very like a whale" ----
---- Hamlet, Act 2, Scene 2 ----
On Sun, 2 Apr 2000, Marc Nicholas wrote:
Jim:
Why not just "push" your content out to the DMZ FTP, rather than having live connections through your firewall?
-marc
On Sun, 2 Apr 2000, Jim Klun 7183 wrote:
I am contemplating this architecture:
              INTERNET
                 |
            CISCO PIX FW ------- DMZ FTP SERVER
                 |
                 |
   ------------------------------
   |                            |
   |                            |
NT CLIENT                    NETAPP
The DMZ FTP Server would have a UDP NFS mount THROUGH THE FIREWALL into the internal network. Inbound guest FTP would be directed there via the Netapp NFS mount. The NT box would have a covering SMB mount over the same filesystem. After a guest client delivers data to the FTP server it would be moved from the in to the out directory where it would be picked up by the internal NT box.
Intent: Maintain an Internet-visible FTP server in the DMZ and yet provide easy access for inside servers.
Question:
1. Does this make sense? Does anyone use filers this way or in related ways?
2. Are there known exploits against filers doing UDP NFS as I describe above? Could the Netapp be attacked if the FTP box were hacked?
3. Related question: Can admin access to the filer be to ONLY the console port or ONLY a single interface?
Thanks - Jim Klun
Marc Nicholas   Hippocampus OSD, Inc.   "Industrial Strength Internet Solutions"
125 John Street, Suite 100, Toronto, ON M5V 2E2, CANADA
416.979.9000 x 11   fax 416.979.8223   http://www.hippocampus.net