On 6/2/2014 午後 09:19, Andrew Latham wrote:
I use OpenVPN to access an Admin/sandboxed network with insecure portals, wiki, and ipmi. On Jun 2, 2014 7:13 AM, "Randy Bush" <randy@psg.com> wrote:
so how to folk protect yet access ipmi? it is pretty vulnerable, so 99% of the time i want it blocked off. but that other 1%, i want kvm console, remote media, and dim sum.
currently, i just block the ip address chunk into which i put ipmi at the border of the rack. when i want access, i reconfig the acl. bit of a pita.
anyone care to share better idea(s)? thanks.
randy
Depends. On most ATEN chip based BMC boards from Supermicro, it includes a UI to iptables that works in the same way. You could put it on a public net, allow your stuff and DROP 0.0.0.0/0. But unless you have servers with those, I think the best way to go is putting them on internal IPs and then using some sort of a VPN.