On Wed, 23 Feb 2005 21:07:41 +0100, Henning Wangerin
<mailinglists dash after dash 041101 underscore reply dash not dash possible at hpc dot dk> wrote:
> I have a wireless-netcam (surecom nl-401) that I want to allow access to
> my file-server for uploading of images to an archive.
> My AP (a Dlink DWL-900AP+) is connected to a separate interface on my
> m0n0wall that's going to be setup with captive portal.
> What would be considered the best way to accomplish that?
> 1) Setup the webcam on a static IP (dhcp for easy handling) and
> firewalling so it only can connect to the ftp-server. The cam can be
> setup to push new images to the ftp-server automatically.
> No extra load is generated on the server in case of no connection
> the ftp-credentials can be found on air, and the mac/ip hijacked
> 2) Setup the webcam on a static IP (dhcp for easy handling) and
> firewalling so no connections out is possible, and let the server pull
> no credentials on air except eventually a readonly-access to the cam
> the server has to do more error-handling in case of missing connection.
I'd say 2 is the more secure way, and probably the way I'd set it up.
The server wouldn't really have to worry about error handling. If it
fails, just give up.
If 1 is easier, and you have good reason to be concerned about
protecting the traffic and FTP server, just use an FTP user for only
that purpose and chroot it into its home directory. The worst
somebody could do with those privileges is use it as a warez
repository if it's publicly-accessible (assuming no configuration
issues). Setting up disk quotas would minimize that risk.
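
Added example, not part of the original message: a sketch of the pull approach (option 2), where the server fetches one snapshot, gives up on any failure, and checks what the camera sent before archiving it. The snapshot URL, archive directory, size cap and the assumption that the camera serves a JPEG over HTTP are all placeholders, not details from the thread.

```python
import http.client
import os
import tempfile
import time
import urllib.request

CAM_URL = "http://192.0.2.10/image.jpg"  # assumed snapshot URL (TEST-NET address)
ARCHIVE_DIR = "/srv/cam-archive"         # assumed archive location
MAX_BYTES = 2 * 1024 * 1024              # assumed cap: refuse anything over 2 MiB
TIMEOUT_S = 5                            # camera unreachable: give up quickly


def fetch_http(url=CAM_URL):
    """Fetch one snapshot; read MAX_BYTES + 1 so an oversize reply is detectable."""
    with urllib.request.urlopen(url, timeout=TIMEOUT_S) as resp:
        return resp.read(MAX_BYTES + 1)


def looks_like_jpeg(data):
    """The camera sits on the wireless segment, so verify what it returned."""
    return (4 <= len(data) <= MAX_BYTES
            and data[:2] == b"\xff\xd8" and data[-2:] == b"\xff\xd9")


def pull_once(fetch=fetch_http, archive_dir=ARCHIVE_DIR, now=None):
    """Pull one image; return the saved path, or None if the pull is abandoned."""
    try:
        data = fetch()
    except (OSError, http.client.HTTPException):  # timeout, refused, bad reply
        return None  # no retry loop: the next scheduled run simply tries again
    if not looks_like_jpeg(data):
        return None  # e.g. a captive-portal or login page instead of an image
    stamp = time.strftime("%Y%m%d-%H%M%S", time.gmtime(now))
    final = os.path.join(archive_dir, f"cam-{stamp}.jpg")
    # Write to a temp file, then rename, so the archive never holds a partial image.
    fd, tmp = tempfile.mkstemp(dir=archive_dir, suffix=".part")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(tmp, 0o640)
    os.replace(tmp, final)
    return final


if __name__ == "__main__":
    print(pull_once() or "pull failed, giving up")
```

Run from cron or a timer on the file server; the firewall then only needs a rule allowing the server to reach the camera, with nothing permitted outbound from the camera.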