On 6/2/2014 午後 09:19, Andrew Latham wrote:
I use OpenVPN to access an Admin/sandboxed network with insecure portals,
wiki, and ipmi.
On Jun 2, 2014 7:13 AM, "Randy Bush" <ra...@psg.com> wrote:
so how to folk protect yet access ipmi? it is pretty vulnerable, so 99%
of the time i want it blocked off. but that other 1%, i want kvm
console, remote media, and dim sum.
currently, i just block the ip address chunk into which i put ipmi at
the border of the rack. when i want access, i reconfig the acl. bit of
a pita.
anyone care to share better idea(s)? thanks.
randy
Depends.
On most ATEN chip based BMC boards from Supermicro, it includes a UI to
iptables that works in the same way.
You could put it on a public net, allow your stuff and DROP 0.0.0.0/0.
But unless you have servers with those, I think the best way to go is
putting them on internal IPs and then using some sort of a VPN.
