On 22.01.2014, at 16:43, "Peter B." <pb@xxxxxxxxxxxxxxxxx> wrote: > On 01/21/2014 10:31 PM, Dan Mons wrote: >> On 22 January 2014 05:19, Peter B. <pb@xxxxxxxxxxxxxxxxx> wrote: >>> The clients in fact *do* only access it over Samba. I just figured that >>> *if* one user connected a GNU/Linux machine to the LAN, he could simply >>> connect with write permissions using the GlusterFS Linux client. All >>> he'd have to do for authenticating is to spoof one of the storage-IPs. >> man iptables > > I've been working with iptables for many years, but in this particular > case, I fail to see how they would help. > Maybe I'm overlooking something very obvious? > > Could you please elaborate your suggestion a bit? I would suggest not to connect the dedicated storage nic(s) to the lan but to a physical seperated network, vlan or if that all is not possible, through a vpn. could be wrong, but INHO with ip_forward off you should be fine? regards Bernhard _______________________________________________ Gluster-users mailing list Gluster-users@xxxxxxxxxxx http://supercolony.gluster.org/mailman/listinfo/gluster-users
