Is there a way to automate rsync of updated portage tree across multiple boxes without each having to pull it down from a gentoo mirror
on Tue, Sep 16, 2008 at 04:59:39PM +0100, you wrote:
> > Except that this is not completely true: See some of the many articles
> > in the net which explain why NAT is not a security feature. A quick
> > google search gave e.g.
> > http://www.nexusuk.org/articles/2005/03/12/nat_security/
> "So the router maintains a database of current connections so that traffic
> is always allowed through for them, and you can tell it to filter all new
> connections made from the internet whilest allowing all new connections
> made from inside the local network. This means that noone can make a
> connection from the internet to one of your workstations, even though
> they can route to its address."
> If the relevant ports are not forwarded in the router, this applies and
> no one can make a new connection to your rsync server.
I don't even see why you'd strictly need connection tracking to avoid
attacks made possible by grossly misconfigured ISP routers. Your router
knows that packets with a destination address of 10/8, 192.168/16 and
the like have absolutely no business on the public internet so the only
sensible behavior would be to just drop them.
I prefer encrypted and signed messages. KeyID: FAC37665
Fingerprint: 8C16 3F0A A6FC DF0D 19B0 8DEF 48D9 1700 FAC3 7665