-----Original Message-----
From: fedora-list-bounces@redhat.com [mailto:fedora-list-bounces@redhat.com] On Behalf Of Neil Marjoram
Sent: Thursday, September 29, 2005 9:31 AM
To: fedora-list@redhat.com
Subject: NFS and denying access to subnets
OK I've been trying for ages now but I just can't seem to get this into my head.
I have 8 subnets on my network 10.1.1.0; the mask is 255.255.255.224 or /27. I would like all but one of these subnets to be able to mount from my NFS server. So I thought I'd add the relevant lines into /etc/hosts.allow and /etc/hosts.deny.
It's long, so I've shortened it.
/etc/hosts.allow
portmap:10.1.1.0/255.255.255.224
lockd:10.1.1.0/255.255.255.224
mountd:10.1.1.0/255.255.255.224
rquoted:10.1.1.0/255.255.255.224
statd:10.1.1.0/255.255.255.224
portmap:10.1.1.32/255.255.255.224
lockd:10.1.1.32/255.255.255.224
mountd:10.1.1.32/255.255.255.224
rquoted:10.1.1.32/255.255.255.224
statd:10.1.1.32/255.255.255.224
And all the other 5 networks.
And in the /etc/hosts.deny
portmap:10.1.1.160/255.255.255.224
lockd:10.1.1.160/255.255.255.224
mountd:10.1.1.160/255.255.255.224
rquoted:10.1.1.160/255.255.255.224
statd:10.1.1.160/255.255.255.224
I have restarted NFS and Portmap, but alas those systems on the 160 network can still mount and see nfs mounts.
Am I barking up the wrong tree, and is there an easier way to accomplish this?
Many thanks
Neil.
What's your /etc/exports look like? I think you can do the following:
/home 10.1.1.32/255.255.255.224(rw)
/home 10.1.1.160/255.255.255.224(noaccess)
-Mike
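
Added example, not part of either message: a simplified model of the hosts.allow/hosts.deny lookup order from hosts_access(5) (an allow match grants, otherwise a deny match refuses, otherwise access is granted), run over the shortened rules quoted above. It handles only the daemon:net/mask form used in the thread; the function names and test addresses are constructed for illustration.

```python
import ipaddress

# Rules as quoted in the thread (shortened there too); daemon names kept as posted.
DAEMONS = ["portmap", "lockd", "mountd", "rquoted", "statd"]
ALLOW_NETS = ["10.1.1.0/255.255.255.224", "10.1.1.32/255.255.255.224"]
DENY_NETS = ["10.1.1.160/255.255.255.224"]
HOSTS_ALLOW = "\n".join(f"{d}:{n}" for n in ALLOW_NETS for d in DAEMONS)
HOSTS_DENY = "\n".join(f"{d}:{n}" for n in DENY_NETS for d in DAEMONS)


def parse(text):
    """Parse 'daemon:net/mask' lines into (daemon, network) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemon, _, client = line.partition(":")
        rules.append((daemon.strip(), ipaddress.ip_network(client.strip())))
    return rules


def matches(rules, daemon, client_ip):
    """True if any rule names this daemon (or ALL) and covers the client."""
    ip = ipaddress.ip_address(client_ip)
    return any(d in (daemon, "ALL") and ip in net for d, net in rules)


def decide(allow_text, deny_text, daemon, client_ip):
    """Lookup order: hosts.allow first, then hosts.deny, then default grant."""
    if matches(parse(allow_text), daemon, client_ip):
        return "allow (hosts.allow)"
    if matches(parse(deny_text), daemon, client_ip):
        return "deny (hosts.deny)"
    return "allow (no rule matched)"


if __name__ == "__main__":
    # Constructed test clients: one per listed subnet, one in an unlisted
    # subnet, and one lookup under a daemon name that no rule lists.
    for daemon, ip in [("portmap", "10.1.1.5"), ("mountd", "10.1.1.161"),
                       ("mountd", "10.1.1.70"), ("rquotad", "10.1.1.161")]:
        print(f"{daemon:8} {ip:12} -> {decide(HOSTS_ALLOW, HOSTS_DENY, daemon, ip)}")
```

This models rule evaluation only; whether a given NFS-related daemon actually consults these files is a separate question that the model does not answer.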