Hi Mark,
I got NFS server to work behind a firewall (iptables) by forcing NFS to
always listen and respond on a specific port.
From the init script:

    startproc /usr/sbin/rpc.mountd -P 960 $PARAMS

Then I set up a rule:

    # Fall back to iptables on the PATH if the firewall script has not set $IPTABLES
    IPTABLES=${IPTABLES:-iptables}

    # Insert the IP address of each client you want to export NFS to
    # separated with spaces
    NFS_EXPORT="10.0.1.10 10.0.1.11 10.0.1.13 10.0.1.201"
    for NFS_IP in $NFS_EXPORT; do
        ### RPC & NFS
        # SUN-RPC
        "$IPTABLES" -A INPUT -s "$NFS_IP" -p tcp --dport 111 -j ACCEPT
        "$IPTABLES" -A INPUT -s "$NFS_IP" -p udp --dport 111 -j ACCEPT
        # Userspace NFS
        "$IPTABLES" -A INPUT -s "$NFS_IP" -p tcp --dport 2049 -j ACCEPT
        "$IPTABLES" -A INPUT -s "$NFS_IP" -p udp --dport 2049 -j ACCEPT
        # mountd & ugidd
        "$IPTABLES" -A INPUT -s "$NFS_IP" -p tcp --dport 960 -j ACCEPT
        "$IPTABLES" -A INPUT -s "$NFS_IP" -p udp --dport 960 -j ACCEPT
    done

HTH
George
On Sun, August 7, 2005 9:37 pm, Mark Jarvis wrote:
>
> *nix file sharing (aka NFS) works best and easiest between machines that
> are NOT running individual firewalls. In that case they MUST have a
> really good firewall machine sitting between them and the net.
>
> AAMOF, if someone knows of a simple tutorial on how to configure a Linux
> box's firewall to allow NFS traffic but block just about everything
> else, I'd REALLY like a pointer to it. The only times I've gotten NFS to
> work, it was on boxen with firewalls off. In that case, it's dirt
> simple--but you gotta be behind a really tight firewall box.
>
> -mj-
>
> Craig White wrote:
>> On Sun, 2005-08-07 at 01:47 -0700, Glitch wrote:
>>
>>>Hello All,
>>>
>>> I could really use some help with some networking stuff. I have a
>>>couple of Linux computers on a network together but don't know how to
>>>make them see each other. What I need is the equal to drive mapping in
>>>windows. I think that I might be able to do this through NFS but I am
>>>not even sure how. So please any input on the issue would be great. I
>>>am trying to connect two PC's running Suse 9.3. Both computers have
>>>routable IP addresses and I cannot through SSH and FTP without issue
>>>just need something more like network file access.
>>>
>>
>> -----
>> SuSE may have some 'how-to' on NFS and networking issues.
>>
>> You probably have to consider firewall can block stuff so if you have
>> these computers on the same network, try to make this work with the
>> firewall settings off on the computers at first.
>>
>> Now for the 'how-tos' - always check tldp.org (the linux documentation
>> project)
>>
>> http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html/
>>
>> see the 'networking' and 'NFS' how-tos
>>
>> Craig
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change you mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
George Toft, CISSP, MSIS
AGD,LLC
www.agdllc.com
623-203-1760
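
A check that goes with the rules in this message, added here as an example and not part of George's post: it lists every RPC service the portmapper advertises on a port the iptables rules above do not open. The `rpcinfo -p` sample is constructed, and the function names are made up for this example.

```sh
#!/bin/sh
# Ports opened by the iptables rules in the message above.
ALLOWED_PORTS="111 2049 960"

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
# "status" is left on dynamic ports to show what the check reports.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100005    1   udp    960  mountd
    100005    1   tcp    960  mountd
    100024    1   udp  32768  status
    100024    1   tcp  32771  status
EOF
}

# Reads `rpcinfo -p` output on stdin and prints "service proto port" for
# every registration whose port is not in the space-separated list in $1.
# The header line is skipped because its port column is not numeric.
unreachable_rpc_services() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        NF >= 4 && $4 ~ /^[0-9]+$/ && !($4 in ok) {
            # Older rpcinfo builds omit the service name column.
            name = (NF >= 5) ? $5 : ("prog-" $1)
            key = name " " $3 " " $4
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# On a live server: rpcinfo -p | unreachable_rpc_services "$ALLOWED_PORTS"
if [ "${1:-}" = "--demo" ]; then
    sample_rpcinfo | unreachable_rpc_services "$ALLOWED_PORTS"
fi
```

An empty result means every registered RPC program sits on a port the rules accept; anything listed is either pinned to a fixed port and added to the rules, or left blocked on purpose.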