Firewall and nfs mounts

Tim ignored_mailbox at yahoo.com.au
Mon Aug 24 15:55:11 UTC 2009


On Mon, 2009-08-24 at 16:21 +0100, Anne Wilson wrote:
> Since a gui tool was provided I expected it to do the necessary (this
> is system-config-securitylevels on CentOS) but it doesn't.

Yes, but it's only half the problem.  You need to configure the NFS
server to be firewall friendly, too.  It's not, by default.  I don't see
any advantage in that, either.

I would have thought that, by now, Fedora's defaults would be for NFS to
be configured to use NFS4, and use fixed ports.  The firewall offers an
NFS4-prepared solution, but the NFS server does not.

I like to use autofs, so that accessing /net/servername/exportname/path
automatically mounts and provides access.  But for that to work, I've
either got to trust a large range of ports, trust ALL LAN traffic, or
reconfigure the NFS server.  I can't put mounts in the fstab file,
because some computers aren't always part of the LAN.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.
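
Editor's added example (not part of the message above): a check that reads `rpcinfo -p` output from an NFS server and lists every RPC registration that is not on a port the firewall already allows, which is the gap between the firewall's NFS setting and the server's default dynamic ports. The sample output and the pinned port numbers are constructed assumptions; substitute the ports your own server is configured to use.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p <server>` output (not captured from a real
# host). nlockmgr/udp and status/tcp are on dynamic ports here.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   tcp    892  mountd
    100005    3   udp    892  mountd
    100021    4   tcp  32803  nlockmgr
    100021    4   udp  45112  nlockmgr
    100024    1   tcp  51234  status
    100024    1   udp    662  status
EOF
}

# unpinned_services PORT...
# Reads `rpcinfo -p` output on stdin and prints "service/proto port" for each
# registration whose port is not in the allowed list given as arguments.
unpinned_services() {
    awk -v allowed="$*" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Data rows have a numeric port in column 4; this skips the header.
        NF >= 5 && $4 ~ /^[0-9]+$/ && !($4 in ok) {
            key = $5 "/" $3 " " $4
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    '
}

# Assumed firewall allow-list: portmapper, nfs, plus hypothetical pinned ports
# for mountd (892), statd (662) and lockd (32803 tcp, 32769 udp).
sample_rpcinfo | unpinned_services 111 2049 892 662 32803 32769
```

Against a live server, pipe `rpcinfo -p servername` into `unpinned_services` with the same port list as the firewall rules; empty output means every registered service is reachable through the ports already opened.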





