NFS through firewall

David J. Vernon redhat at ladadee.com
Fri Nov 18 15:46:36 UTC 2005


James Pifer wrote:
> On Fri, 2005-11-18 at 07:37 -0700, Craig White wrote:
> 
>>On Fri, 2005-11-18 at 09:21 -0500, James Pifer wrote:
>>
>>>On Fri, 2005-11-18 at 09:36 +0000, Nigel Wade wrote:
...<snip>...
> 
> 
> 
> TCP 111 is open. See TCP scan above.
> 
> James
> 

My remembrance of this is so filled with cobwebs that I may be giving
bad info. That caveat in place, port 111 (portmap) is a doorman type
service. Its job is to suggest another connection (src_port <-->
dst_port) to the client. The src_port and dst_port are not easy to
predict from a firewall perspective. That info is, however, in the
packets of the portmap traffic so many firewalls have RPC support. I
think (info circa 2003) that iptables had a patch-o-matic for RPC. I
know Checkpoint supports Sun RPC. Check to see if the firewall is
blocking the new connection proposed by the portmapper. You can find out
what ports this connection was going to be on by doing a tcpdump on port
111 and looking in the data of the packets. Again, sorry if I'm taking
you down the rabbit hole here. It has been a while since I had to mess
with this.

Dave
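
The check suggested above, reading the proposed port out of the port 111 traffic, amounts to decoding the portmap GETPORT call and its reply. This is an added example, not part of the original message: it assumes the bytes are UDP payloads captured on port 111 (over TCP each RPC message is preceded by a 4-byte record mark), and the sample payloads, including the mountd port 32771, are constructed.

```python
import struct

PMAP_PROG, PMAP_GETPORT = 100000, 3      # portmap program number, GETPORT procedure
PROTO = {6: "tcp", 17: "udp"}

def _skip_auth(buf, off):
    """Skip one opaque_auth: flavor, length, body padded to 4 bytes."""
    _flavor, length = struct.unpack_from(">II", buf, off)
    return off + 8 + ((length + 3) & ~3)

def parse_getport_call(buf):
    """Return (xid, prog, vers, proto) if buf is a portmap GETPORT call."""
    xid, mtype, rpcvers, prog, _vers, proc = struct.unpack_from(">6I", buf, 0)
    if (mtype, rpcvers, prog, proc) != (0, 2, PMAP_PROG, PMAP_GETPORT):
        return None
    off = _skip_auth(buf, _skip_auth(buf, 24))   # credentials, then verifier
    want_prog, want_vers, proto, _port = struct.unpack_from(">4I", buf, off)
    return xid, want_prog, want_vers, proto

def parse_getport_reply(buf):
    """Return (xid, port) if buf is an accepted, successful RPC reply."""
    xid, mtype, reply_stat = struct.unpack_from(">3I", buf, 0)
    if mtype != 1 or reply_stat != 0:            # not a reply, or MSG_DENIED
        return None
    off = _skip_auth(buf, 12)                    # verifier
    accept_stat, port = struct.unpack_from(">II", buf, off)
    return (xid, port) if accept_stat == 0 else None

def negotiated_ports(payloads):
    """Pair calls and replies by xid; return [(prog, vers, proto, port)]."""
    pending, found = {}, []
    for buf in payloads:
        try:
            call = parse_getport_call(buf)
            reply = None if call else parse_getport_reply(buf)
        except struct.error:                     # truncated or non-RPC payload
            continue
        if call:
            pending[call[0]] = call[1:]
        elif reply and reply[0] in pending:      # port 0 means "not registered"
            prog, vers, proto = pending.pop(reply[0])
            found.append((prog, vers, PROTO.get(proto, str(proto)), reply[1]))
    return found

# Constructed sample payloads (AUTH_NONE everywhere), not taken from a real capture.
def _call(xid, prog, vers, proto):
    return struct.pack(">14I", xid, 0, 2, PMAP_PROG, 2, PMAP_GETPORT, 0, 0, 0, 0, prog, vers, proto, 0)
def _reply(xid, port):
    return struct.pack(">7I", xid, 1, 0, 0, 0, 0, port)
SAMPLE = [_call(1, 100003, 3, 6), _reply(1, 2049), _call(2, 100005, 3, 17), _reply(2, 32771), b"\x00\x01"]
```

Each tuple returned by `negotiated_ports` is an RPC program, version, protocol and port that the firewall also has to pass for the follow-on connection to succeed.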
