I have not tried NFS under NetWare.
Riddle me this: If port 111 is blocked at the router, then isn't
the router acting as a [crude] firewall (in an abstract sense)?
It is enacting a policy in that it is inspecting packets and dropping
those destined for port 111. That meets the definition of a firewall.
Granted, it's not a particularly good firewall.
To answer the question, that is an improvement, but I have some
reservations about it. I would be tweaking the IPChains/IPTables
rules big time, and using two NICs. Like this:
               80     80           20, 21,
               443    443          22, 111, etc
INTERNET-----ROUTER-----Web Server----------------File Server
The numbers indicate the ports open on that NIC.
Ideas, comments from the gallery?
George
foodog wrote:
>
> Thanks, George, I'll give it a shot. In your opinion, is it possible to
> run NFS securely on a public network? How about if TCP port 111 is
> blocked at the router?
>
> One more question since you're here. Have you ever tried NFS under
> NetWare? I got that running with minimal pain, but I don't have a
> Solaris box to compare its performance with.
>
> Thanks again,
>
> Steve
>
> FWIW, an ISO of NetWare 6 beta 3 is available for free download. Comes
> with lots of nifty things: Novell's webserver, Apache w/ Tomcat, native
> support for Windows, Macs and NFS, luser-friendly printing stuff (BFD),
> secure web-based file access and admin, improved clustering & SMP, etc.
> etc. On merit, it should stomp Windows/Hailstorm, but I'm not holding
> my breath.
>
> George Toft wrote:
> >
> > The description in the Linux Network Admin Guide (ch 11) is simple and
> > worked without tweaks/hacks. First time I tried it was on a single
> > computer. Worked really well. Then I tried it in a mixed environment,
> > Linux/Solaris. Solaris NFS code seems to run much faster than Linux'.
> >
> > George's Simple How To:
> > Server: Put the directory you want to export in /etc/exports
> >         Make sure portmapper is running.
> > Client: Make sure /etc/rc3.d/S25nfs is enabled
> >         mount -t nfs server:/directory mountpoint
> >
> > Warning: Don't even THINK about putting either of these on your
> > firewall.
> >
> > George
> >
> > foodog wrote:
> > >
> > > Gary Nichols wrote:
> > > >
> > > > Alan, good luck on your project and please keep us PLUG'ers posted on
> > > > your progress. Your home sounds like the perfect test bed for this
> > > > concept. :-) I was thinking of doing something similar for my girls
> > > > but I can't get them off the computers long enough to do a reconfig.
> > > > :-) I'm still wondering why my 13-year old is thumbing through my
> > > > vi/bash books.... *grin* Ok, I know why. hehehe She's living with a
> > > > linux geek.
> > > >
> > > > Anyone else thinking of trying this?
> > >
> > > I burned the CDs in July but I'm still waiting for the mythical Free
> > > Time to try it :-)
> > >
> > > I don't have the spare hardware at home, and haven't built it a firewall
> > > to live behind at work. I'm hoping to stumble across a "NFS for the
> > > paranoid mini-HOWTO".
> > >
> > > Steve
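
The two-NIC layout from George's diagram, written out as an added example that is not part of the original thread: a shell function that emits an iptables-restore ruleset for the web server, plus a small checker that confirms port 111 is only accepted on the file-server side. The interface names (eth0, eth1) and the function names are assumptions; the port lists are the ones in the diagram, with its "etc" left for the admin to fill in.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: eth0 = NIC facing the
# router, eth1 = NIC facing the file server; gen_rules/tcp_allowed are
# hypothetical helpers. Apply with: gen_rules eth0 eth1 | iptables-restore

# gen_rules EXT_IF INT_IF [EXT_PORTS] [INT_PORTS]
# Prints INPUT rules for the web server: each NIC accepts only its own ports.
gen_rules() {
    ext_if=$1
    int_if=$2
    ext_ports=${3:-80,443}        # router-facing NIC, from the diagram
    int_ports=${4:-20,21,22,111}  # file-server-facing NIC; diagram's "etc" not filled in
    if [ -z "$ext_if" ] || [ -z "$int_if" ] || [ "$ext_if" = "$int_if" ]; then
        echo "gen_rules: need two distinct interfaces" >&2
        return 1
    fi
    # Default-drop INPUT and FORWARD, so anything not listed (including
    # portmapper on the external NIC) is dropped and the box does not
    # route between the two networks. TCP only; add UDP rules if needed.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $ext_if -p tcp -m multiport --dports $ext_ports -j ACCEPT
-A INPUT -i $int_if -p tcp -m multiport --dports $int_ports -j ACCEPT
COMMIT
EOF
}

# tcp_allowed IFACE PORT
# Reads a ruleset on stdin; succeeds only if a TCP ACCEPT rule bound to
# IFACE lists PORT. Useful as a pre-deployment check on the generated rules.
tcp_allowed() {
    awk -v ifc="$1" -v port="$2" '
        $1 == "-A" && $2 == "INPUT" && $3 == "-i" && $4 == ifc && $6 == "tcp" {
            for (i = 1; i <= NF; i++) if ($i == "--dports") {
                n = split($(i + 1), p, ",")
                for (j = 1; j <= n; j++) if (p[j] == port) ok = 1
            }
        }
        END { exit (ok ? 0 : 1) }'
}
```

With this in place the router's block on port 111 becomes a second layer rather than the only one.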