[CentOS] Securing RPC

Fri Jul 1 19:15:54 UTC 2016
Keith Keller <kkeller at wombat.san-francisco.ca.us>

On 2016-07-01, Leon Vergottini <leonv at cornerstone.ac.za> wrote:
> Unfortunately, I cannot disable NFS which lies at the root of this
> problem.  In addition, I am struggling to find a proper tutorial of moving
> NFS from udp over to tcp.

I think the best thing to do is to set up VPN links between your NFS
server and the clients.  This way you never have to expose RPC to the
public network at all, and your NFS traffic will be secure against
packet sniffers.  I've used OpenVPN for this exact purpose, but I
suspect that it's been causing some problems, so I'm considering trying
out tinc vpn.

You could also do IPsec but IIRC that's a bit more complex to configure.


kkeller at wombat.san-francisco.ca.us