> Basically what my boss would like to be able to do is write > to a Samba/NFS > type share on the file server from the webserver. My > understanding is that > NFS should never be allowed through a firewall, and that Samba is only > marginally better. So, any suggestions?
I assume that the file server we're talking about contains not only data relevant to the web server and database and necessary for their operation, but is also used for purely internal purposes. If this is the case, I strongly advise against placing it into the DMZ (you can misunderstand DG's post in this regard) or allowing access to it from the DMZ. Instead, I'd use rsync with SSH as transport to automatically push the necessary portions of the file system from the internal file server to the DMZ server and configure the latter to use the local copies. Rsync is better than scp here, because it only copies the necessary files and even those only incementally. IIRC, it can also delete files on the target host that don't exist anymore on the source host. The use of SSH gives you good authentication (public/private keys) and ensures data integrity in flow. Using public/private key authentication, you can also restrict the commands that can be performed on the DMZ host when a specific key is used to authenticate, which can come in handy. HTH Tobias _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
