Hello! I want to set up an NFS at home and use the stationary computer as the file server.
I have configured the NFS according to the handbook and am in the middle of configuring the firewall and have some questions regarding it.
My thought is to use the external interface for internal traffic as well (wlan0) since I think it may not be necessary with extra rules and also I really can benefit from the wireless connection.
When looking at the rules I set from the handbook I notice that I have used the rules:
Code:
## Drop all incoming
block all
## Block nonrouting IPs/Martians
block drop in on $ext_if from $martians to any
block drop out on $ext_if from any to $martians
And I wonder if it's not overkill to define non-routing IPs in $martians (e.g. 192.168.0.0/16) when PF is set on "block all" already.
From a security point of view, how bad is it to allow incoming internal on the same interface as the external? One thing I can think of is that I will open the ports necessary for the NFS but in the ruleset I will only allow my two computers on the network to connect through their specified static IPs, so it shouldn't be any trouble. Are there any alternative configurations in interface one can make?
>> I would get similar effect with Samba or an ordinary Webserver but I think NFS seems smooth.
Maybe I am just overthinking this.
Can you think of any problems?
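
A single-interface pf.conf for the setup described in this post, as an added example that is not part of the original post or the handbook. The 192.168.1.0/24 subnet, the two client addresses and the pinned mountd port are constructed assumptions.

```pf
# Added example. Subnet, client IPs and the mountd port are constructed assumptions.
ext_if      = "wlan0"
nfs_clients = "{ 192.168.1.10, 192.168.1.11 }"  # the two static client IPs (constructed)
nfs_ports   = "{ 111, 2049, 892 }"              # rpcbind, nfsd, mountd pinned to 892 (assumed)

# Non-routable ranges WITHOUT the LAN's own range. With one interface carrying
# both LAN and upstream traffic, listing 192.168.0.0/16 here would also cover
# the NFS clients.
martians = "{ 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 169.254.0.0/16, \
              192.0.2.0/24, 0.0.0.0/8, 240.0.0.0/4 }"

set skip on lo0

# Default deny. pf applies the LAST matching rule, so this only decides
# packets that no later rule matches.
block all

# Without "quick", a later pass rule that also matches would win over these
# two rules. "quick" makes them final for any packet they match, which is what
# the martians rules add on top of "block all".
block drop in  quick on $ext_if from $martians to any
block drop out quick on $ext_if from any to $martians

# NFS only from the two listed clients, only to this host's own address.
pass in on $ext_if inet proto { tcp, udp } \
    from $nfs_clients to ($ext_if) port $nfs_ports

# Outbound traffic from the server itself (stateful by default).
pass out on $ext_if inet from ($ext_if) to any
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.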