From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-43559-garchives=archives.gentoo.org@gentoo.org>)
	id 1FpcBh-0000Nx-6f
	for garchives@archives.gentoo.org; Mon, 12 Jun 2006 02:29:57 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.13.6/8.13.6) with SMTP id k5C2SNEY019404;
	Mon, 12 Jun 2006 02:28:23 GMT
Received: from mailout2.igs.net (mailout2.igs.net [216.58.97.88])
	by robin.gentoo.org (8.13.6/8.13.6) with ESMTP id k5C2NQ5j024928
	for <gentoo-user@lists.gentoo.org>; Mon, 12 Jun 2006 02:23:27 GMT
Received: from waltdnes.org (i216-58-42-200.cybersurf.com [216.58.42.200])
	by mailout2.igs.net (Postfix) with SMTP id F2FB347EA06
	for <gentoo-user@lists.gentoo.org>; Sun, 11 Jun 2006 22:23:26 -0400 (EDT)
Received: by waltdnes.org (sSMTP sendmail emulation); Sun, 11 Jun 2006 22:24:05 -0400
From: "Walter Dnes" <waltdnes@waltdnes.org>
Date: Sun, 11 Jun 2006 22:24:05 -0400
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] An alternative to http-replicator
Message-ID: <20060612022405.GB28110@waltdnes.org>
References: <20060610033154.GA22420@waltdnes.org> <448A6201.6090900@cs.umn.edu> <20060611024303.GA26116@waltdnes.org> <358eca8f0606110118g63c06eden5c29fedac7e06859@mail.gmail.com>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <358eca8f0606110118g63c06eden5c29fedac7e06859@mail.gmail.com>
User-Agent: Mutt/1.5.11
X-Archives-Salt: b1e8eb64-04d2-4e8a-b959-d637837f0164
X-Archives-Hash: ee181ba075a4670c0929770ecefd6ed0

On Sun, Jun 11, 2006 at 08:18:11AM +0000, Mick wrote

> How does boa compares with http-replicator in terms of
> functionality/security?

  boa is a lean+mean+fast webserver.  See http://www.boa.org for details.

> PS.  Other than not running portmapper is there a way of securing it?

  It has to be accessed by all machines that want to nfs-mount on the
server, so they can ask it what port nfs is running on.  Restrict access
to only the clients that need to nfs-mount on the server.  The usual
method is iptables.  For "defense in depth", you can also use inet.d and
hosts.allow/hosts.deny.

  I'm not an nfs expert.  Is it possible to force nfs to a specific port
on both the client and server such that they'll talk without handshaking
via portmapper first?

-- 
Walter Dnes <waltdnes@waltdnes.org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
-- 
gentoo-user@gentoo.org mailing list