NFS through firewall problem

Damir Dezeljin programing at mbss.org
Wed Jan 5 16:34:31 UTC 2005


Hi.

I have two NAT-ed network segments. One is my internal network and one is
a 'semi-internal' network. Computers on the semi-internal network should
have access only to the internet, while computers on the internal network
should have access both to the internet and limited access to the
semi-internal network (telnet, ssh, ftp, ..., NFS).

I read that NFSv4 is designed to work through firewalls as well. For this
reason it uses only TCP port 2049. So I added a rule to my firewall:
----
# forward new NFSv4 connections (TCP 2049) from the internal net to the semi-internal net
iptables -A FORWARD -s <in_net> -d <semi_net> -m state --state NEW \
  -p tcp --dport 2049 -j ACCEPT
----

I run FC3 on both computers (the NFS server on my semi-net and the NFS
client on my internal net). When I try to mount an exported share with a
command like:
----
mount -t nfs4 <semi_net_ip>:/exports /mnt/semi_net
----
I'm getting an error 'mount: Permission denied'.

The same command executed on an NFS client on the semi_net works fine.


BTW: computers on the semi_net use only /etc/hosts files to resolve names
from the internal net. Internal computers use the internal DNS server for
this purpose. The names are correct ... the only difference is that the IPs
can be reverse-resolved in the DNS (PTR records), while the /etc/hosts file
doesn't contain PTR records (heh ... of course ;) ).


Any suggestions on how to solve the problem?


Best regards,
Dezo
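An added example, not part of Dezo's post and not code from Fedora or nfs-utils, that makes concrete why an NFSv4 mount can still answer 'Permission denied' once TCP 2049 is open: the server's mountd checks the client address it actually sees against the host fields in /etc/exports. The /etc/exports content below is constructed for the example, and the matching follows the exports(5) rules for single addresses, CIDR or netmask networks, '*' and hostname wildcards (netgroups, '@name', are simply treated as non-matching here). Two consequences are visible in it: if the forwarded traffic is masqueraded as well, the server sees the firewall's address rather than an <in_net> address, and a hostname entry can only match when the server can reverse-resolve the client's address, which an /etc/hosts file without an entry for that address cannot do.

```python
import fnmatch
import ipaddress

# Constructed sample /etc/exports (assumption for this example, not from the post).
# fsid=0 marks the NFSv4 pseudo-root.
SAMPLE_EXPORTS = """\
# path          client(options) ...
/exports        192.168.10.0/24(rw,sync,fsid=0)
/exports/data   192.168.10.50(rw,sync) *.internal.example(ro,sync)
"""


def parse_exports(text):
    """Parse exports(5)-style text into a list of (path, [(host_spec, [options])]).

    Comments and blank lines are skipped; a line may list several clients.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        path, clients = parts[0], []
        for spec in parts[1:]:
            if '(' in spec:
                host, opts = spec.split('(', 1)
                options = opts.rstrip(')').split(',')
            else:
                host, options = spec, []
            clients.append((host, options))
        entries.append((path, clients))
    return entries


def host_matches(host_spec, client_ip, client_name=None):
    """Match one exports host field against the client as the server sees it.

    client_ip is the source address of the mount request after any NAT.
    client_name is the name the server obtained by reverse-resolving that
    address (PTR record or /etc/hosts entry); None means it could not.
    """
    if host_spec.startswith('@'):
        return False  # netgroups are out of scope for this example
    ip = ipaddress.ip_address(client_ip)
    try:
        # single address, a.b.c.d/prefix or a.b.c.d/netmask
        return ip in ipaddress.ip_network(host_spec, strict=False)
    except ValueError:
        pass
    if host_spec == '*':
        return True
    if client_name is None:
        return False  # hostname pattern, but no reverse lookup result
    return fnmatch.fnmatchcase(client_name.lower(), host_spec.lower())


def access_for(exports, path, client_ip, client_name=None):
    """Return the option list that applies to the client for path.

    None means no entry matched, which is what mountd reports as
    'Permission denied' to the client.
    """
    for export_path, clients in exports:
        if export_path != path:
            continue
        for host_spec, options in clients:
            if host_matches(host_spec, client_ip, client_name):
                return options
    return None


if __name__ == '__main__':
    exports = parse_exports(SAMPLE_EXPORTS)
    # constructed addresses: one from the exported net, one as a masquerading
    # firewall would present it, one that only a hostname pattern can admit
    for ip, name in [('192.168.10.77', None), ('10.0.0.1', None),
                     ('192.168.10.60', None),
                     ('192.168.10.60', 'pc1.internal.example')]:
        print(ip, name, '/exports ->', access_for(exports, '/exports', ip, name),
              '/exports/data ->', access_for(exports, '/exports/data', ip, name))
```

On the server, `exportfs -v` shows the exports as mountd parsed them, and the address to feed into such a check is the one that actually arrives there (for instance from `tcpdump -i <iface> port 2049` while the mount is attempted), not the address the client believes it has.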