I'll check that out. At least I'll be able to secure it. Thanks.
Cheers, Fritz Mesedilla www.mesedilla.com --- +Basta Ikaw Lord -----Original Message----- From: Rafael 'Dido' Sevilla [mailto:[EMAIL PROTECTED]] Sent: Saturday, September 29, 2001 1:16 AM To: [EMAIL PROTECTED] Subject: Re: [plug] Web stats On Fri, Sep 28, 2001 at 10:57:22PM +0800, Fritz Mesedilla wrote: > Anyway, someone suggested using cluster trends. But that means opening an > ftp port on every clustered server which means insecurity. > This is a perfect opportunity for someone to try out FreeS/WAN! :) Install FreeS/WAN on each of your clustered servers, activate FTP and make it listen only to the ipsec interfaces, and install FreeS/WAN on the server you use to collect your stats. Use FTP the way you expect to use it, except it's now over the VPN IPsec interfaces, so snooping should be next to impossible provided it's been properly configured. Nobody who lacks authorization to connect to the VPN will even see the open FTP ports on your clustered web servers, much less be able to exploit them or sniff traffic going to or from them. My previous suggestion for using a PPP on SSH VPN is probably not going to work very well now that you have a cluster, as PPP is, by its very nature, point to point. You'll have one ppp interface for each server in your cluster, and the more you have, the worse the system is going to get. Probably if you only have a few servers (up to perhaps three) it should still be tenable, but if you want to scale up to arbitrarily large clusters, IPsec really is the way to go. -- Rafael R. Sevilla <[EMAIL PROTECTED]> +63(2) 8177746 ext. 8311 Programmer, InterdotNet Philippines +63(917) 4458925 http://dido.engr.internet.org.ph/ OpenPGP Key ID: 0x5CDA17D8 _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED] _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
