Hi all,
I'm in the process of moving a couple of web servers and an NFS/DB
server into an LVS-NAT cluster, and I need to allow our customers to FTP
web files into one or more of these servers (ideally the NFS/DB server,
less ideally one or both web servers - the content being FTPed would
find its way into the NFS share on the NFS/DB server regardless).
I'm concerned, however, at the inherent security risk in this proposal,
i.e. if someone breaks FTP, they're in the cluster. One idea I had is to
put a simple box running the FTP server on the VIP side of the network,
and pull down content from that server to the NFS/DB server every, say, 5
minutes. I don't want to do this, however, as it means administration
etc. of Yet Another Box.
Anyone have ideas/experiences regarding this they'd be willing to share?
Regards,
Guy.