nfs sanity check
George Toft
plug-discuss@lists.PLUG.phoenix.az.us
Sat, 07 Jul 2001 14:06:26 -0700
Hi Hans,
cat /etc/hosts.deny:
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
#
I think the answer is yes. Time to tune up ipchains/iptables to
limit access even more.
George
"der.hans" wrote:
>
> moin, moin,
>
> is portmap needed for a client to mount an nfs partition?
>
> The following that turned up in a google search was shown to me:
>
> This is caused by the portmap daemon not running. Both the loopback
> interface and the portmap daemon should be running before mounting any
> NFS filesystems (except /), or you must supply the "nolock" mount option
> to turn off NFS locking. However, if you do use "nolock", you will not be
> able to use any file locking on the NFS mounts.
>
> Don't want portmap going unless it has to be...
>
> If it is running for client stuff, does the server need to be able to talk
> to it? In other words can I firewall and /etc/hosts.deny it down to local
> access only?
>
> ciao,
>
> der.hans
> --
> # der.hans@LuftHans.com home.pages.de/~lufthans/ www.DevelopOnline.com
> # Knowledge is useless unless it's shared. - der.hans
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss