[Gluster-users] GlusterFS share authentication?

BGM bernhard.glomm at ecologic.eu
Wed Jan 22 19:49:27 UTC 2014


On 22.01.2014, at 16:43, "Peter B." <pb at das-werkstatt.com> wrote:
> On 01/21/2014 10:31 PM, Dan Mons wrote:
>> On 22 January 2014 05:19, Peter B. <pb at das-werkstatt.com> wrote:
>>> The clients in fact *do* only access it over Samba. I just figured that
>>> *if* one user connected a GNU/Linux machine to the LAN, he could simply
>>> connect with write permissions using the GlusterFS Linux client. All
>>> he'd have to do for authenticating is to spoof one of the storage-IPs.
>> man iptables
> 
> I've been working with iptables for many years, but in this particular
> case, I fail to see how they would help.
> Maybe I'm overlooking something very obvious?
> 
> Could you please elaborate your suggestion a bit?

I would suggest not to connect the dedicated storage nic(s) to the lan
but to a physical seperated network, vlan or if that all is not possible,
through a vpn.
could be wrong, but INHO with ip_forward off you should be fine?
regards
Bernhard



More information about the Gluster-users mailing list