On Sun, Jun 27, 2010 at 8:30 PM, Martin Steinmann <[email protected]> wrote: > In a clustered configuration we end up with different servers offering > different REST services. If there is a requirement to access them from > external (without a VPN), all these servers would have to be exposed (i.e. > require pinholes in the firewall). Anyone has a suggestion on how to solve > this in a way an admin would feel comfortable?
what are looking to achieve? 1.) best security practices 2.) best way around restricted firewalls outside your control Re: option 2 - iptables lets you setup port forward to other servers. The effect is the same though, each server is exposed on select ports ultimately to the outside. this only creates more network traffic, but may get you want you desire. Re: option 1 - use a firewall that has the feature set you're comfortable with. I think however you look at it, if a server has a service that is ultimately interpreting the protocol it's vulnerable and the best defense is to use recommended tools to protect it, clustered config or single config. my 2 cents, I leave these type of things to the IT to professionals. _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
