sharing files on two networks?

piratebiter · 09-12-2003, 11:20 AM

this mornings ?... sheesh... I luv this linux?.org thing...
anyhow... I have a three legged firewall set up... a DMZ webserver on its own intra-network and a seperate LAN intra-network. On my LAN I can SAMBA from a windows development box to a Linux box and store files where I want them (this is to file developed Dreamweaver html etc)... so far ok.. now ?

Choice #1 might be to do the same thing to the webserver box... i.e tunnel thru from the Windows development box to the DMZ webserver and put SAMBA on that webserver and then load the files directly... seems awful loose on security to me?
OR...
maybe SAMBA inside my LAN and then share the files over to the webserver form the Linux LAN box... might be a bit more secure if the permissions were careful, the iptables rules reviewed etc... even SSH might be useful I dunno?
I'd rather NOT put SAMBA on my nice tight DMZ webserver...

please enlighten me, ? which way do the "big boys" load developed pages & do this? or is there a third option better than either of these ideas?

thanks much,
P.Biter

niall0s · 09-12-2003, 11:25 AM

ssh tunnel from the DMZ to were the files are and a cron job to update them sounds good to me?

piratebiter · 09-12-2003, 02:41 PM

yea, that sounds right to me...? might I get lucky and get a Windows version of open ssh for the developer box? called putty? or is there a better one?

P.Biter

stickman · 09-12-2003, 04:31 PM

Personally I would not allow access from your DMZ to your internal LAN. I would push the files from your LAN to the DMZ via sftp or scp. Because the servers in the DMZ allow partial public access, they are not fully trusted like computers on your LAN. Allowing inbound access to your LAN potentially compromises those systems if a system in your DMZ is compromised.

piratebiter · 09-12-2003, 04:55 PM

totally agree, and it took some time to get ANY security level going... so there in lies my? I prefer to not use FTP, supposed to be wide open... and the way might be to do a openSSH... wonder if this ~putty~ is any good? or is there a better one now? use the putty for the windows openSSH client... hmmm...? never looked at it. I can SAMBA to the Linux box on the LAN and then 100%+ safe just floppy the info to the webserver... but sheesh... kinda pathetic... so my thought is what do the huge websites do? do they SSH or SAMA or ? what?
P.Biter
sorta?secure but a little paranoid after reading a little. a little knowledge is a a dangerous thing huh.

stickman · 09-15-2003, 01:14 PM

Go find a copy of WinSCP. It's a nice GUI sftp/scp client for Windows.

piratebiter · 09-15-2003, 06:54 PM

Thanks much... U R 100% correct... by coincidence I was fumbling about on google, and I did download that exact pkg and yes, it is keen... still some unresolved issues on access and defining the server name etc... but yes that one works real good. your recommendation is on the money...
I have decided to "cheat"... the whole thing got another wrench thrown in Sunday, turns out Dreamweaver 4 does NOT like SSH of any kind... FTP etc... port 21 not 22 etc... ad nauseum.. so i have approached it from a totally different plan... but someday I will need to get on to the webserver from a distant windows box and winSCP is THE way.
thanks for the clue,

P.Biter