SCIENTIFIC-LINUX-USERS Archives

March 2006

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Luke Scharf <[log in to unmask]>
Reply To: Luke Scharf <[log in to unmask]>
Date: Sun, 12 Mar 2006 20:12:24 -0500
Content-Type: multipart/signed
Parts/Attachments: text/plain (2959 bytes), smime.p7s (3376 bytes)

Harish Narayanan wrote:

>Luke Scharf wrote:
>  
>
>>One other NAT option that I've been looking at lately is a box that
>>looks like a home-router that has  a built-in VPN service.  This may be
>>easier and more elegant than port-forwarding, if it matches your needs. 
>>I've been looking at the Buffalo WZR-RS-G54, and one of the networking
>>guys I know recommended the Cisco 800.  It should be easy to maintain,
>>and your networking guys may approve of a device like this?
>>  
>>    
>>
>I am not sure, and I will have to look into this (and related products).
>I'd definitely prefer a route which involves each machine seeing the
>internet directly (only ssh), but even if that's not deemed kosher, I
>can live with the hop-hop solution. Like you said, this seems like a
>nice set-up /if/ it works as advertised.
>  
>
If I get one of these units with the integrated VPN, I'll post a quick 
review here.

Also, with one of the Linksys routers, one of my friends set up a lab 
with several Windows machines serving Microsoft Remote Desktop. He 
mapped a series of high ports to go to 3389 on internal machines.  Now, 
the students in the lab can type lab.dept.vt.edu:30280 (or something) 
and automagically hop to 192.168.1.42:3389.  They're using a Linksys NAT 
box.  The same trick should work with ssh, too.  The VPN is more 
flexible, but also more overhead.

The only gotcha on the Linksys routers is that the real port-forwarding 
is called "UPnP Forwarding".  I haven't figured out what it has to do 
with UPnP, but it works and my portscans didn't come up with anything 
insidious looking.  The other port-forwarding setup lets you forward 
port-ranges, but doesn't allow you to actually map one port (30280) to 
another (3389).

>>Excellent!  I'd like to hear which version you're using, and how reliable
>>it is.
>>  
>>    
>>
>I currently use shfs-0.35. I have not had a single reliability issue
>with it. I am not sure about the file-locking requirement (gdm?), but 
>it is a non-issue for me as I only use shfs to serve up folders on boxes
>with larger drives to store computation information and stuff like that.
>
>The day I saw tab-completion on my bash console on a securely connected
>remote drive, I was sold. I have always resisted nfs, and people have
>historically resorted to manually moving information via ssh. Now
>they're happy campers.
>  
>
That's the same version I tested...  I love the concept, and I keep 
talking about how great the idea is.  I'd better start putting some code 
where my mouth is!

I'm totally sold on the concept of shfs, but I found in a day of using 
it to mount my home directory on my work-desktop that it just isn't 
reliable enough yet for my environment.  Then again, I've got ~25 Unix 
machines and 120+ Windows workstations, and 692 user accounts (though 
probably well over half of them will be culled in the next great purge 
of users who have graduated and "gone to a better place" (where they get 
paid)).  My requirements may be different than yours.

-Luke
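
The high-port mapping described in the message above, applied to ssh on a generic Linux NAT box instead of the Linksys "UPnP Forwarding" page, as an added example that is not part of the original post. The interface name `eth0`, the 192.168.1.0/24 LAN, the second table row and the function names are assumptions; the script only prints the rules, and it refuses duplicate or low ports so one typo cannot expose the wrong machine.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that map one high external
# port per lab machine to that machine's sshd on port 22.
# Assumptions: Linux NAT box, WAN interface eth0, LAN 192.168.1.0/24,
# FORWARD chain default policy DROP (so only the listed flows get through).
WAN_IF="${WAN_IF:-eth0}"

# Constructed sample table: "<external port> <internal IP>"
sample_map() {
    printf '%s\n' '30280 192.168.1.42' '30281 192.168.1.43'
}

# Reads the table on stdin; prints rules only if every line is valid.
gen_rules() {
    seen=" "; out=""
    while read -r port ip; do
        [ -z "$port" ] && continue
        case "$port" in *[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
        if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
            echo "port must be 1024-65535: $port" >&2; return 1
        fi
        # One external port must never point at two machines.
        case "$seen" in *" $port "*) echo "duplicate port: $port" >&2; return 1;; esac
        seen="$seen$port "
        # Target must be a host address on the assumed LAN.
        host="${ip#192.168.1.}"
        case "$host" in ""|"$ip"|*[!0-9]*) echo "not on LAN: $ip" >&2; return 1;; esac
        if [ "$host" -lt 1 ] || [ "$host" -gt 254 ]; then
            echo "not a host address: $ip" >&2; return 1
        fi
        # Rewrite WAN:$port to $ip:22, then allow only that forwarded flow.
        out="${out}iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $port -j DNAT --to-destination $ip:22
iptables -A FORWARD -i $WAN_IF -p tcp -d $ip --dport 22 -j ACCEPT
"
    done
    printf '%s' "$out"
}

sample_map | gen_rules
```

With these rules in place a client would reach the first machine with `ssh -p 30280` against the NAT box's public name.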


