Firewall and nfs mounts

Anne Wilson annew at kde.org
Tue Aug 25 13:25:06 UTC 2009


On Tuesday 25 August 2009 00:16:28 Ed Greshko wrote:
> Anne Wilson wrote:
> > On Monday 24 August 2009 15:44:20 Bill McGonigle wrote:
> >> On 08/24/2009 08:15 AM, Anne Wilson wrote:
> >>> What ports are necessarily opened on an nfs server?  Does the client
> >>> need any ports opened?
> >>
> >> If you can limit yourself to NFSv4 you're much better off in this
> >> department.  I have this on an NFSv4 server:
> >>
> >> # NFS
> >>   -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --source 192.168.1.32/27 --dport 2049 -j ACCEPT
> >>
> >> and nothing on a working client other than the standard:
> >>
> >>   -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> >
> > Thanks.  That's something to work on.  Although I have had a working
> > firewall in the past, I'm not really familiar with iptables setup.  Since
> > a gui tool was provided I expected it to do the necessary (this is
> > system-config-securitylevels on CentOS) but it doesn't.  I used
> > shorewall to set up my firewall long ago, and I'm beginning to think I
> > might be better off seeing if there's a package for CentOS.  Gui tools
> > seem nice, but I don't like the fact that they rarely tell you what they
> > are and aren't doing.
>
> When it comes to a shorewall package for CentOS or RHEL you can enable
> the EPEL repository https://fedoraproject.org/wiki/EPEL
>
Thanks, Ed.  I should be able to get to that tomorrow.  The thing is that I 
only want nfs across the lan.  The router would stop any external attempts to 
use nfs mounting, so it seems to me that trusting the local zone might be all 
that's needed.  I think that is straightforward, IIRC, in shorewall.

Anne
-- 
New to KDE4? - get help from http://userbase.kde.org
Just found a cool new feature?  Add it to UserBase
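
Added example, not part of the original message or thread: a small audit over iptables-save style lines that reports any ACCEPT rule opening TCP 2049 without limiting the source to the LAN range quoted above. The function names and the sample rules other than the two quoted in the thread are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample; the first and last rules are the ones quoted in the thread.
SAMPLE_RULES = """\
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --source 192.168.1.32/27 --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 0.0.0.0/0 --dport 2049 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
"""

def _option(tokens, *names):
    """Return the value following the first matching option name, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None

def _covers_port(spec, port=2049):
    """True if a port spec ('2049', '2000:3000', '2000:' or 'nfs') includes port."""
    lo, sep, hi = spec.partition(":")
    try:
        low = int(lo or 0)
        high = int(hi or 65535) if sep else low
    except ValueError:
        return spec == "nfs"  # service name as listed in /etc/services
    return low <= port <= high

def audit_nfs_rules(ruleset, lan="192.168.1.32/27"):
    """Return (line_no, reason) for ACCEPT rules exposing 2049 beyond `lan`.

    Assumes literal source addresses, as iptables-save prints them.
    """
    lan_net = ipaddress.ip_network(lan)
    findings = []
    for n, line in enumerate(ruleset.splitlines(), 1):
        tokens = shlex.split(line, comments=True)
        dport = _option(tokens, "--dport", "--destination-port")
        if _option(tokens, "-j", "--jump") != "ACCEPT" or dport is None:
            continue
        if not _covers_port(dport):
            continue
        src = _option(tokens, "-s", "--source", "--src")
        if "!" in tokens:
            findings.append((n, "negated match, review by hand"))
        elif src is None:
            findings.append((n, "no source restriction"))
        elif not ipaddress.ip_network(src, strict=False).subnet_of(lan_net):
            findings.append((n, f"source {src} is not inside {lan}"))
    return findings
```

Calling audit_nfs_rules(SAMPLE_RULES) reports lines 2 and 3 of the sample and leaves the two rules quoted in the thread unflagged.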