Greetings All,
I have installed FC6 on my home network and am enjoying the new release. Tip of my fedora to the developers.. Job well done!
What is the status of using NFSv4 with SELinux and firewall enabled? I have tried to get it going over my home network but to no avail without disabling SELinux and the firewall. Is this problem strictly a NFS issue? Has anyone been able to use NFS with SELinux and firewall enabled?
-- Virtually, Tom W
Tom Weniger wrote:
Greetings All,
I have installed FC6 on my home network and am enjoying the new release. Tip of my fedora to the developers.. Job well done!
What is the status of using NFSv4 with SELinux and firewall enabled? I have tried to get it going over my home network but to no avail without disabling SELinux and the firewall. Is this problem strictly a NFS issue? Has anyone been able to use NFS with SELinux and firewall enabled?
Take a gander at the how-to at http://www.lowth.com/LinWiz/nfs_help.html
On Tue, Oct 31, 2006 at 10:19:26AM -0600, Steve Siegfried wrote:
Tom Weniger wrote:
Greetings All,
I have installed FC6 on my home network and am enjoying the new release. Tip of my fedora to the developers.. Job well done!
What is the status of using NFSv4 with SELinux and firewall enabled? I have tried to get it going over my home network but to no avail without disabling SELinux and the firewall. Is this problem strictly a NFS issue? Has anyone been able to use NFS with SELinux and firewall enabled?
Take a gander at the how-to at http://www.lowth.com/LinWiz/nfs_help.html
You may also find http://www.ba.infn.it/calcolo/documenti/NFSServer.html#Firewall useful. I used it to do my setup. However, I do not use selinux, so cannot speak to that.
Tom Weniger wrote:
Greetings All,
I have installed FC6 on my home network and am enjoying the new release. Tip of my fedora to the developers.. Job well done!
What is the status of using NFSv4 with SELinux and firewall enabled? I have tried to get it going over my home network but to no avail without disabling SELinux and the firewall. Is this problem strictly a NFS issue? Has anyone been able to use NFS with SELinux and firewall enabled?
-- Virtually, Tom W
as far as the firewall, even though much online docs day that nfs4 does not require portmap and that the only port required to be open on the server is 2049 tcp. my experience with fedora and nfs4 (since fc3 )is that a connection will fail if port 111 tcp/udp is not opened on the server. why that is: i don't know. i'm wondering myself.
try the firewall first, with selinux in permissive mode. once you've established connectivity, check the logs for selinux problems. -a
Tom Weniger wrote:
Greetings All,
I have installed FC6 on my home network and am enjoying the new release. Tip of my fedora to the developers.. Job well done!
What is the status of using NFSv4 with SELinux and firewall enabled? I have tried to get it going over my home network but to no avail without disabling SELinux and the firewall. Is this problem strictly a NFS issue? Has anyone been able to use NFS with SELinux and firewall enabled?
SELinux shouldn't be a big issue if you set the appropriate booleans.
See "man nfs_selinux"
You may also be using NIS, in which case also check "man nis_selinux".
Paul.
Greetings,
Thanks to Steve, Charles, Anthony & Paul for their helpful suggestions. I have managed to get my home NFS network going with the firewall enabled and the SELinux enforcing policy. I learned quite a bit about static port numbering and tweaking SELinux. Thanks again.
Tom Weniger wrote:
Greetings,
Thanks to Steve, Charles, Anthony & Paul for their helpful suggestions. I have managed to get my home NFS network going with the firewall enabled and the SELinux enforcing policy. I learned quite a bit about static port numbering and tweaking SELinux. Thanks again.
that's what the list is for, sir. glad you got it working. btw, did you need to open port 111 (prtmap) to get it to work?
On 11/2/06, Anthony Messina amessina@messinet.com wrote:
that's what the list is for, sir. glad you got it working. btw, did you need to open port 111 (prtmap) to get it to work?
Greetings Anthony,
Yes, I did need to open ports 111 (sunrpc) and 2049 (nfs) on the serer and clients. I also did some mapping of the nfs daemons to ports 4000 - 4003 and ensured that all the setsebools were done on the server and clients.
What is the status of using NFSv4 with SELinux and firewall enabled? I have tried to get it going over my home network but to no avail without disabling SELinux and the firewall. Is this problem strictly a NFS issue? Has anyone been able to use NFS with SELinux and firewall enabled?
I am using NFS with SELinux and firewall. For the firewall, I have been using a program called firestarter - opened the ports 111 and 2049...
HTH, Chris
-
Anthony Joseph Messina -
Charles Curley -
Chris Mohler -
Paul Howarth -
Steve Siegfried -
Tom Weniger