What should I use with NFS: private ip or public ip?
I followed this guide to setup a NFS connection between my nodes on Ubuntu. I used the public ip to connect between the nodes and added the client to the firewall rules. My question is can I use the private ip instead of the public ip? would that be the safer and the best approach to go with?
Also how can I implement the private ip masking? as I read the private ip of the node do change by time.
2 Replies
tlambert
Linode Staff
✓ Best Answer
If you're able to connect to the NFS using a private IP address (meaning the Ubuntu nodes and the NFS instance are in the same data center) that's would be another layer of protection you could use in addition to the firewalling described in the How to Use an NFS Server on Ubuntu 20.04 guide. Depending on where this deployment is located within our fleet, you may also want to consider connections using VLAN.Since they are isolated from other networks, VLANS add yet another layer of security to your connection.
You asked,
"Also how can I implement the private ip masking? as I read the private ip of the node do change by time."
The private IP address assigned to your instance generally will not change unless you remove it manually or for special cases.
Private IP masking is not a feature currently available on the Linode platform. However, I have gone ahead and added your request for this feature to our internal tracking.
I would definitely use a private IP. Private IPs are are not routable outside the data center where your Linodes are located. You don’t want your remote disc traffic out on the open internet.
However “private” IP traffic does not mean “secure” IP traffic. You’re going to have to find a way to secure this.
How you would set this up is out of my pay grade (the firewall part is easy).
This may help:
https://www.linuxjournal.com/content/encrypting-nfsv4-stunnel-tls
— sw