On 22.01.2014, at 16:43, "Peter B." <[email protected]> wrote: > On 01/21/2014 10:31 PM, Dan Mons wrote: >> On 22 January 2014 05:19, Peter B. <[email protected]> wrote: >>> The clients in fact *do* only access it over Samba. I just figured that >>> *if* one user connected a GNU/Linux machine to the LAN, he could simply >>> connect with write permissions using the GlusterFS Linux client. All >>> he'd have to do for authenticating is to spoof one of the storage-IPs. >> man iptables > > I've been working with iptables for many years, but in this particular > case, I fail to see how they would help. > Maybe I'm overlooking something very obvious? > > Could you please elaborate your suggestion a bit?
I would suggest not to connect the dedicated storage nic(s) to the lan but to a physical seperated network, vlan or if that all is not possible, through a vpn. could be wrong, but INHO with ip_forward off you should be fine? regards Bernhard _______________________________________________ Gluster-users mailing list [email protected] http://supercolony.gluster.org/mailman/listinfo/gluster-users
