Re: [netatalk-admins] multiple interfaces


Subject: Re: [netatalk-admins] multiple interfaces
From: erik_list@pacificcolor.com
Date: Wed Jun 09 1999 - 18:27:04 EDT


At Wednesday, 10:08 AM 6/9/99, you wrote:
>tkaczma@gryf.net wrote:
>
>> A better solution would be to make sure that your firewall blocks
>> appletalk over IP and call it a day.
>
>I'll second this.
>
>> Another solution, which I think is
>> better would be to keep appletalk off the "unsecure" segment altogether
>> and equip any mac necessitating a direct connection to the I-net with a
>> second ethernet interface to talk to the internal network.
>
>Unfortunately, that kind of defeats the purpose of the firewall,
>having one or more machines (other than the firewall) connected
>to both networks. And if someone happens to configure one of
>those macs to act as a router, then your problems are just beginning
>(and not just because of potential crackers).

You can define more than one server to start from the afpd.conf file,
according to comments in the supplied afpd.conf in the RPM for
netatalk-1.4b2+asun2.1.3-2. I use this to bind 2 servers to 2 NICs on 2
separate IP addresses - works fine. Try the -ddp or -notcp flag on one of
the servers.

# Format of lines in this file:
#
# server [ -tcp ] [ -ddp ] [ -guest ] [ -loginmesg message ] ...
#
# To specify a line with the default server name, use a "-" as the
# server name.
#
# There are a whole plethora of options available. Here they are for
# your edification:
#     toggles (-no<option> turns that option off; -<option> turns
#              it on):
#         transports: tcp, ddp, transall
#         debug: nodebug (can only turn off debug)
#         auth: cleartxt, afskrb, krbiv, guest, randnum, rand2num,
#               authall (doesn't include randnum/rand2num)
#         passwd: savepassword, setpassword
#         user volumes: uservolfirst,
#                       nouservol (don't look for ~/.AppleVolumes)
#
#
#     options w/ arguments (-<option> <argument>):
#         defaultvol, systemvol, loginmesg, guestname
#         address (binds a server to a specific address)
#         port (has to be specified if more than one tcp server
#               is to be served)
#         tickleval (sets the tickle interval in seconds)
#         uampath, nlspath
#
# Order of precedence:
#     options in afpd.conf > command-line options > built-in options
#
# Some examples:
#
#     The simplest case is to not have an afpd.conf.
#
#     4 servers w/ names server1-3 and one w/ the hostname. servers
#     1-3 get routed to different ports with server 3 being bound
#     specifically to address 192.168.1.3
#         -
#         server1 -port 12000
#         server2 -port 12001
#         server3 -port 12002 -address 192.168.1.3
#
#     a dedicated guest server, a user server, and a special
#     ddp-only server:
#         "Guest Volume" -nocleartxt -loginmesg "Welcome guest!"
#         "User Volume" -noguest -port 12000
#         "special" -notcp -defaultvol <path> -systemvol <path>

<------------------------------------------------------------->
| Erik Ohlin mailto:eohlin@pacificcolor.com (760)438-8933 |
| Pacific Color http://www.pacificcolor.com fax:(760)438-8414 |
| 1916 Palomar Oaks Way, Suite 100, Carlsbad, CA 92008 |
<------------------------------------------------------------->
If quitters never win, and winners never quit,
what fool came up with, "Quit while you're ahead?"
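
A way to check a multi-server afpd.conf like the one described above for servers that offer AFP over TCP without being pinned to an internal address, as an added example that is not part of the original post or of netatalk. It assumes both transports are on unless a -no toggle turns them off; the function names and the sample lines are constructed for illustration.

```python
import shlex

# Options that take an argument, per the afpd.conf comments quoted above.
ARG_OPTS = {"defaultvol", "systemvol", "loginmesg", "guestname",
            "address", "port", "tickleval", "uampath", "nlspath"}

def parse_afpd_conf(text):
    """Return one dict per server line: name, tcp, ddp, address, port."""
    servers = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # keeps "Guest Volume" as one token
        srv = {"name": tokens[0], "tcp": True, "ddp": True,  # assumed defaults
               "address": None, "port": None}
        i = 1
        while i < len(tokens):
            opt = tokens[i].lstrip("-")
            off = opt.startswith("no")
            base = opt[2:] if off else opt
            if opt in ARG_OPTS:
                if i + 1 >= len(tokens):
                    raise ValueError(f"{srv['name']}: -{opt} needs an argument")
                if opt in ("address", "port"):
                    srv[opt] = tokens[i + 1]
                i += 1  # skip the argument
            elif base == "transall":
                srv["tcp"] = srv["ddp"] = not off
            elif base in ("tcp", "ddp"):
                srv[base] = not off
            i += 1
        servers.append(srv)
    return servers

def unpinned_tcp_servers(text, internal_addrs):
    """Names of servers with TCP on and no -address from internal_addrs."""
    return [s["name"] for s in parse_afpd_conf(text)
            if s["tcp"] and s["address"] not in internal_addrs]

# Constructed sample: one pinned server, one ddp-only, one TCP with no -address.
SAMPLE = '''
"User Volume" -noguest -address 192.168.1.3 -port 12000
special -notcp
"Guest Volume" -nocleartxt -loginmesg "Welcome guest!" -port 12001
'''

if __name__ == "__main__":
    print(unpinned_tcp_servers(SAMPLE, {"192.168.1.3"}))
```

A server with no -address is reported because the post does not say which address afpd picks by default, so it needs a manual look rather than being assumed safe.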



This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:16:49 EST