How to securely connect an Intranet-Samba-PDC with a LAMP in the DMZ?!
- From: "Tom" <null@xxxxxxxxx>
- Date: Tue, 16 Oct 2007 15:27:50 +0300
Hello group!
I am administering a small network which has 3 zones: Internet, DMZ and Intranet, quite similar to what it looks like here: http://de.wikipedia.org/wiki/Bild:Endian_Network_Topology.jpg
In other words: I have the RED (=insecure), ORANGE (partly secure) and GREEN (highly secure) zone, all combined by a Firewall/Gateway Linux box.
In the ORANGE zone (DMZ) I am running a LAMP server which serves data towards the public internet (Webserver and FTP server).
In the GREEN zone (intranet) I am running a Samba-Server as fileserver and PDC for my intranet client machines.
By default my firewall allows access from the green to the orange net, but not vice versa. However, I can open "pinholes" so that partial access is allowed from orange to green (but each pinhole is also a decrease of security).
So far so good.
Now what I want to do:
I want to be sitting on one of my Windows clients in the green network and be able to transfer files from the orange LAMP server to the green File-Server and vice versa comfortably via network shares.
For the moment I am using FTP to transfer the files between them, sitting in front of the Linux boxes, which is not very comfortable.
How should I make that in the best way, so it remains top secure?
- Do I have to install a Samba-Server on orange? (which I find insecure)
- Do I have to grant the orange server access to the green server by giving it a pinhole on the firewall? (which I again find insecure)
- Do I have to connect them via NIS?
- Can I somehow mount a folder between green and orange?
- Do I need to install an FTP server on both and then use FXP? (which again I don't like because I don't want to install an FTP server on green for security reasons)
What would you do in my case?
Any advice is welcome!! :-)
Thank you
tomakos
--
Help keep the usenet free!
Use and/or support (e.g. by setting up an own server) the nonprofit open-news-network project:
http://www.open-news-network.org/