Remote Access to File Server
I am a hobbyist, so I was wondering if you system administrators could explain something to me regarding remote access to a file server.
Suppose that I want to run a full-blown network with the following topology:
internet <--> PF1 <--> DMZ <--> PF2 <-- LAN zone
My file server as well as my DNS server are in the LAN zone and completely invisible from the internet. Ideally I am thinking that the PF2 rules should only allow people from the LAN zone access to the internet via the Squid proxy in the DMZ, as well as fetching mail from the mail server which is also in the DMZ, and nothing else. The PF2 blocking policy should ideally be block all.
Suppose now I am a user and want to access my files on the file server in the LAN zone from my home, which is outside the LAN zone (actually the Internet on the above diagram). Of course the File Server doesn't run OpenSSH, and moreover PF2 would block access to it anyway. Let's suppose that I put another machine in the DMZ which is now my SSH gateway for files.
How can I make the files on the File Server visible to a user who is logged into such
I have a couple of ideas in mind.
One is having a second copy of the files on the SSH gateway machine (sort of like a secondary file server) and then running a remote sync from the File Server which is in the LAN zone (that would of course require refining the PF2 rules to allow packets to pass into the LAN zone file server after such a remote sync is initiated from the LAN zone itself).
The other scenario is to simply open the SSH port on PF2 and to use the SSH gateway machine in the DMZ to redirect the traffic to the file server. In this scenario the File Server in the LAN zone will allow SSH, but only from the specific machine in the DMZ zone. Nothing else.
What do you people actually do?
The above thoughts are the result of my attempts to fully understand the topology of the network of the University where I work.
The LAN zone is of course user terminals with faculty and student accounts. Those accounts actually reside on a File Server which runs NFS, only visible from the LAN zone. Besides the File Server (NFS), the LAN zone contains DNS and Printer/Scanner servers which are invisible from the internet.
The DMZ consists of a Mail Server, WWW server, Squid, Snort, and I believe the machine which is the dedicated SSH gateway for access to accounts from outside.
Thanks a LOT
P.S. By the way, all machines in the above diagram are OpenBSD, including Desktops/Terminals.
Last edited by Oko; 22nd June 2008 at 06:27 PM.
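The two scenarios in the post both come down to what PF2's ruleset lets through. Below is an added illustration of such a pf.conf for PF2, not the poster's or the University's actual configuration: it starts from block all, allows the LAN only the Squid proxy and mail fetching, lets the file server initiate the rsync-over-SSH push of scenario 1, and lets only the DMZ SSH gateway open SSH to the file server for scenario 2. Interface names and every address are placeholders.

```pf
# PF2: the firewall between the DMZ and the LAN zone.
# Added example; interface names and addresses are placeholders.
ext_if     = "em0"            # placeholder: interface facing the DMZ
int_if     = "em1"            # placeholder: interface facing the LAN zone
lan_net    = "10.0.1.0/24"    # placeholder: LAN zone
fileserver = "10.0.1.10"      # placeholder: NFS file server in the LAN zone
squid      = "192.0.2.10"     # placeholder: Squid proxy in the DMZ
mailsrv    = "192.0.2.20"     # placeholder: mail server in the DMZ
sshgw      = "192.0.2.30"     # placeholder: dedicated SSH gateway in the DMZ

set skip on lo

# Default policy: block all, and log what gets dropped.
block log all

# Rules below keep state by default, and states are floating, so a
# connection allowed in on one interface also passes out on the other
# and its replies come back without a separate rule.

# LAN users reach the internet only via the Squid proxy in the DMZ ...
pass in on $int_if proto tcp from $lan_net to $squid port 3128
# ... and may fetch mail from the DMZ mail server (POP3/IMAP, plain and TLS).
pass in on $int_if proto tcp from $lan_net to $mailsrv port { 110, 143, 993, 995 }

# Scenario 1: the file server pushes a copy of the files to the SSH
# gateway with rsync over ssh. The session is initiated from the LAN,
# so nothing from the DMZ ever has to be let in for it.
pass in on $int_if proto tcp from $fileserver to $sshgw port 22

# Scenario 2: only the SSH gateway may open SSH to the file server.
# Any other DMZ host (mail, www, Squid) still hits the block rule.
pass in on $ext_if proto tcp from $sshgw to $fileserver port 22
```

In scenario 2 the gateway's own sshd is the second control point: since sshd on the file server then sees connections only from one source, it can be tightened in sshd_config with a Match Address block for the gateway's address (and AllowUsers to limit who may hop further). Both the pf rule and the sshd restriction should be in place; PF2 filters packets while sshd decides which accounts the hop may use.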