A whole lot will depend on who and what you're protecting from...

is it necessary for staff, jocks, and other folks to be able to access
the individual Rivendell machines, or is it just a few folks,
engineering access, or what?

A great firewall is necessary...I wouldn't put individual outside static
IPs on the internal machines...

and for the purpose of conversation, let's assume that you want to use
VPN access, rather than ssh or something, although they can both work
the same.  (SSH, while great for folks who understand it, may well be
overwhelming for the jock staff.)

I'd start by using multiple port forwards to each machine..use
non-standard ports on the outside, to standard ports and machines on the
inside..like (outside ip):7823 to inside 192.168.1.58:5900.  this way,
you could use one outside IP to access multiple machines..

use the most obscure password you can..nothing easy...

if you have multiple outside statics, you can rotate them on occasion.

don't be afraid to also change the outside ports on occasion...

and if you have a spare machine somewhere, just put it on the dmz as a
honeypot...the folks who are looking to break into your system will find
that, and as long as there is nothing they can do with it, all they
succeed in is leaving their originating IPs, which you can immediately
block (I block entire sub-nets that way)...


On Wed, 2015-09-16 at 10:54 -0500, Tom Van Gorkom wrote:
> I'm new to Rivendell and Linux but now have master and slave servers
> set up with 5 clients in the studio all on CentOS 6.7 with RD ver
> 2.10.3-1 on 64 bit quad core AMD/ASUS machines. I put them on an
> internal sub network with static IPs and constant internet access to
> allow several functions for the production staff and program
> downloads.  It all seems to work fine for as much as I have learned
> and set up so far. (Being the catch-all engineer, it takes time to
> learn and get to it along with everything else. We are getting close
> to putting it on the air, I think.) 



_______________________________________________
Rivendell-dev mailing list
Rivendell-dev@lists.rivendellaudio.org
http://caspian.paravelsystems.com/mailman/listinfo/rivendell-dev
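
The honeypot-and-block step suggested in the reply above, as an added example that is not part of the original message: it turns honeypot firewall log lines into a block list, widening to a whole subnet only when several distinct hosts in it show up, and never blocking allowlisted ranges. The iptables LOG prefix `HONEYPOT`, the sample lines, the allowlist, the threshold and all function names are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines, in the style of iptables LOG output with prefix "HONEYPOT".
SAMPLE_LOG = """\
Sep 16 11:02:13 dmzpot kernel: HONEYPOT IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=5900
Sep 16 11:02:19 dmzpot kernel: HONEYPOT IN=eth0 OUT= SRC=203.0.113.77 DST=192.0.2.10 PROTO=TCP SPT=40022 DPT=22
Sep 16 11:05:41 dmzpot kernel: HONEYPOT IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=TCP SPT=33811 DPT=5900
Sep 16 11:07:02 dmzpot kernel: HONEYPOT IN=eth0 OUT= SRC=192.168.1.58 DST=192.0.2.10 PROTO=TCP SPT=50100 DPT=5900
Sep 16 11:09:30 dmzpot kernel: HONEYPOT IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51300 DPT=5900
Sep 16 11:10:00 dmzpot kernel: HONEYPOT IN=eth0 OUT= SRC=999.1.1.1 DST=192.0.2.10 PROTO=TCP SPT=1 DPT=22
"""

# Ranges that must never be blocked (assumed): the studio LAN, remote staff, etc.
ALLOWLIST = [ipaddress.ip_network("192.168.1.0/24")]
SRC_RE = re.compile(r"\bHONEYPOT\b.*?\bSRC=(\S+)")

def honeypot_sources(log_text):
    """Yield valid IPv4 sources from honeypot log lines, skipping allowlisted ones."""
    for line in log_text.splitlines():
        m = SRC_RE.search(line)
        if not m:
            continue
        try:
            addr = ipaddress.IPv4Address(m.group(1))
        except ValueError:
            continue  # malformed field: ignore rather than build a bad rule
        if not any(addr in net for net in ALLOWLIST):
            yield addr

def blocklist(log_text, subnet_threshold=2, prefix=24):
    """Block single hosts; widen to the /prefix once enough distinct hosts appear."""
    by_subnet = defaultdict(set)
    for addr in honeypot_sources(log_text):
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        by_subnet[net].add(addr)  # a set, so repeat hits from one host count once
    targets = []
    for net, hosts in sorted(by_subnet.items()):
        if len(hosts) >= subnet_threshold:
            targets.append(str(net))
        else:
            targets.extend(f"{h}/32" for h in sorted(hosts))
    return targets

def iptables_rules(targets, chains=("INPUT", "FORWARD")):
    """Port-forwarded (DNAT) traffic traverses FORWARD, so cover both chains."""
    return [f"iptables -I {c} -s {t} -j DROP" for t in targets for c in chains]

if __name__ == "__main__":
    print("\n".join(iptables_rules(blocklist(SAMPLE_LOG))))
```

Review the generated rules before applying them: a subnet-wide block also cuts off any legitimate remote user whose provider shares that range.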
