>On Thu, Oct 20, 2011 at 12:46 PM, Geoff Galitz <ggal...@shutterstock.com> wrote:
>>
>> We're thinking of ways to get our DMZ nodes managed by puppet, and in
>> the absence of a full-fledged push model we are thinking about
>> pointing puppets in our DMZ network at a bastion host running squid to
>> proxy back to our puppet master.
>>
>> In this scenario, the single bastion host would have an ACL allowing
>> access through our inner firewall to the master, but the various nodes
>> would have no direct access.  That would give us a nice choke point
>> that we can monitor and isolate if needed.  We'd still get all of our
>> reporting functions, too.
>>
>>
>> Has anyone tried something along these lines?  Any opinions?
>>

We have an allow-list of hosts which connect to a NAT IP that gets forwarded 
internally. This is a simpler setup than having a proxy do it.


