That'll do it - thanks! Tim
-----Original Message----- From: "Aphyr" <ap...@aphyr.com> Sent: Sunday, March 4, 2012 10:57pm To: Cc: riak-users@lists.basho.com Subject: Re: Questions on configuring public and private ips for riak on ubuntu ssh -NL 8098:localhost:8098 your.vps.com --Kyle On 03/04/2012 09:55 PM, Tim Robinson wrote: > Yeah, I read your blog post when it first came out. I liked it. > > I appreciate the warning, but practically speaking I'm really just not > worried about it. It's a test environment on an external VPS that no one > knows the info for. Demo to the company means show image/content-type load, > JSON via browser with proper indentation, and Riak Control. SSH isn't going > to do that for me. > > I'm using public data for the testing. I can blow the whole thing away any > time. > > Aside from warnings does anyone want to help with the question. > > Thanks, > Tim > > > -----Original Message----- > From: "Aphyr"<ap...@aphyr.com> > Sent: Sunday, March 4, 2012 10:41pm > To: "Tim Robinson"<t...@blackstag.com> > Subject: Re: Questions on configuring public and private ips for riak on > ubuntu > > I can get SSH access over Riak's HTTP and protobufs interfaces in about > five seconds, and can root a box shortly after that, depending on > kernel. Please don't do it. Just don't. > > http://aphyr.com/posts/224-do-not-expose-riak-to-the-internet > http://aphyr.com/posts/218-systems-security-a-primer > > --Kyle > > On 03/04/2012 09:38 PM, Tim Robinson wrote: >> Right now I am just loading data for test purposes. It's nice to be able to >> do some benchmarks against the private network (which is @1Gbit/s)... while >> being able to poke a hole in the firewall when I want to do a test/demo. >> >> Tim >> >> -----Original Message----- >> From: "Alexander Sicular"<sicul...@gmail.com> >> Sent: Sunday, March 4, 2012 9:15pm >> To: "Tim Robinson"<t...@blackstag.com> >> Cc: "riak-users@lists.basho.com"<riak-users@lists.basho.com> >> Subject: Re: Questions on configuring public and private ips for riak on >> ubuntu >> >> this is a "Very Bad" idea. do not expose your riak instance over a public ip >> address. riak has no internal security mechanism to keep people from doing >> very bad things to your data, configuration, etc. >> >> -Alexander Sicular >> >> @siculars >> >> On Mar 5, 2012, at 12:43 AM, Tim Robinson wrote: >> >>> Hello all, >>> >>> I have a few questions on networking configs for riak. >>> >>> I have both a public ip and a private ip for each riak node. I want Riak to >>> communicate over the private ip addresses to take advantage of free >>> bandwidth, but I would also like the option to interface with riak using >>> the public ip's if need be (i.e. for testing / demo's etc). >>> >>> I'm gathering that the way people to this is by setting up app.config to >>> use ip "0.0.0.0" to listen for all ip's. I'm also gathering vm.args needs >>> to have a unique name in the cluster so I would need to use the hostname >>> for the -name option (i.e. r...@www.fake-node-domain-name-1.com). >>> >>> My hosts file would contain: >>> >>> 127.0.0.1 localhost.localdomain localhost >>> x.x.x.x www.fake-node-domain-name-1.com mynode-1 >>> .... >>> >>> where x.x.x.x is the public ip not the private. >>> >>> This is where I start to get lost. >>> >>> As it sits, if I attempt to join using the private ip's i will get the >>> unreachable error - yet I can telnet connect to/from the equivalent nodes. >>> >>> So I could add a second IP to the hosts file, but since I need to keep the >>> public one as well, how is that riak is going to use the private ips for >>> gissip ring, hinted hand-off, ... etc etc. >>> >>> There's obviously some networking basics I am missing. >>> >>> Any guidance from those of you who have done this? >>> >>> Thanks. >>> Tim >>> >>> >>> >>> >>> >>> _______________________________________________ >>> riak-users mailing list >>> riak-users@lists.basho.com >>> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com >> >> >> >> Tim Robinson >> >> >> >> Tim Robinson >> >> >> >> _______________________________________________ >> riak-users mailing list >> riak-users@lists.basho.com >> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com >> > > > Tim Robinson > > > > Tim Robinson > > > > _______________________________________________ > riak-users mailing list > riak-users@lists.basho.com > http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com > _______________________________________________ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com Tim Robinson _______________________________________________ riak-users mailing list riak-users@lists.basho.com http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
