|
Guy Waugh wrote:
> I'm concerned, however, at the inherent security risk in this proposal,
> i.e. if someone breaks FTP, they're in the cluster.
I assume you've read
http://www.austintek.com/LVS/LVS-HOWTO/HOWTO/LVS-HOWTO.services.multi-port.html#ftp_secure
I don't run an ftp server, but advice somewhere else in the HOWTO (that I can't
find
right now) from Ratz says to put your ftp server in some DMZ and not make it
part of your LVS.
> One idea I had is to
> put a simple box running the FTP server on the VIP side of the network,
> and pull down content from that server to the NFS/DB server every, say 5
> minutes. I don't want to do this, however, as it means administration
> etc. of Yet Another Box.
I'm afraid so
Joe
--
Joseph Mack PhD, High Performance Computing & Scientific Visualization
SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx
|
