[Nut-upsuser] Client behind firewall
Bruno Wolff III
bruno at wolff.to
Sat Dec 9 17:32:16 CET 2006
On Fri, Dec 08, 2006 at 15:13:58 -0800,
Mike Lowrie <mlowrie at vendetta.ca> wrote:
> Reading the documentation, it seems the client has to contact the
> server. The problem is I really don't want to open a port form the dmz
> to the internal network where the master UPS machine resides. I have
> data from various clients that I can't have comprised.
> Aside from buying another UPS, is there anything anyone can suggest? Is
> there no way for the server to send commands to the client instead?
> I suppose I could make the UPS master the DMZ machine, but that just
> seems wrong.
UPS's are relatively cheap, buy another one.
If you don't want to spend the money, then you are probably better off
having the master not in the DMZ. The risk in doing this is that there is
a bug in the daemon that can be leveraged into access to a machine outside
of the DMZ. This probably doesn't much to the risk you are already taking
buy having your machines do any communication with machines in the DMZ.
More information about the Nut-upsuser