nfs sanity check

George Toft plug-discuss@lists.PLUG.phoenix.az.us
Sat, 07 Jul 2001 14:06:26 -0700


Hi Hans,

cat /etc/hosts.deny:
#
# hosts.deny    This file describes the names of the hosts which are
#               *not* allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow.  In particular
# you should know that NFS uses portmap!
#

I think the answer is yes.  Time to tune up ipchains/iptables to
limit access even more.

George


"der.hans" wrote:
> 
> moin, moin,
> 
> is portmap needed for a client to mount an nfs partition?
> 
> The following that turned up in a google search was shown to me:
> 
>    This is caused by the portmap daemon not running. Both the loopback
>    interface and the portmap daemon should be running before mounting any
>    NFS filesystems (except /), or you must supply the "nolock" mount option
>    to turn off NFS locking. However, if you do use "nolock", you will not be
>    able to use any file locking on the NFS mounts.
> 
> Don't want portmap going unless it has to be...
> 
> If it is running for client stuff, does the server need to be able to talk
> to it? In other words can I firewall and /etc/hosts.deny it down to local
> access only?
> 
> ciao,
> 
> der.hans
> --
> # der.hans@LuftHans.com home.pages.de/~lufthans/ www.DevelopOnline.com
> #  Knowledge is useless unless it's shared. - der.hans
> 
> PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
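Added example, not part of the original thread: a simplified shell model of the tcp_wrappers decision order for portmap, showing that a hosts.deny containing only comments blocks nothing, while "portmap: ALL" in hosts.deny plus a loopback entry in hosts.allow gives local-only access. The function names, the sample files and the client address 192.0.2.10 are constructed for illustration.

```sh
# Added example: simplified tcp_wrappers decision for the "portmap" daemon.
# Handles comments, "daemons: clients" rules, ALL, exact addresses and
# prefixes ending in "." (e.g. "192.168.1."). Not handled: EXCEPT,
# netmasks, hostnames, IPv6, option fields, continuation lines.

# match_file FILE ADDR: succeeds if a rule in FILE matches portmap from ADDR.
match_file() {
    [ -r "$1" ] || return 1
    awk -v addr="$2" '
        /^[ \t]*#/ || !/:/ { next }
        {
            split($0, f, ":")
            nd = split(f[1], d, /[ \t,]+/)
            nc = split(f[2], c, /[ \t,]+/)
            dm = 0
            for (i = 1; i <= nd; i++)
                if (d[i] == "portmap" || d[i] == "ALL") dm = 1
            if (!dm) next
            for (i = 1; i <= nc; i++) {
                if (c[i] == "") continue
                if (c[i] == "ALL" || c[i] == addr) { found = 1; exit }
                if (c[i] ~ /\.$/ && index(addr, c[i]) == 1) { found = 1; exit }
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# portmap_verdict ALLOW_FILE DENY_FILE ADDR: prints "allow" or "deny".
# tcp_wrappers order: hosts.allow first, then hosts.deny, otherwise allow.
portmap_verdict() {
    if match_file "$1" "$3"; then echo allow
    elif match_file "$2" "$3"; then echo deny
    else echo allow
    fi
}

# Constructed sample files (not taken from the post).
write_samples() {
    printf '%s\n' '# comments only, no rules' > "$1/deny.empty"
    printf '%s\n' 'portmap: ALL' > "$1/deny.locked"
    printf '%s\n' 'portmap: 127.0.0.1' > "$1/allow.local"
    : > "$1/allow.empty"
}

tmp=$(mktemp -d) && write_samples "$tmp"
for a in 127.0.0.1 192.0.2.10; do
    echo "$a open=$(portmap_verdict "$tmp/allow.empty" "$tmp/deny.empty" "$a") locked=$(portmap_verdict "$tmp/allow.local" "$tmp/deny.locked" "$a")"
done; rm -rf "$tmp"
```

The wrapper files only cover the portmap daemon itself; a packet filter rule on port 111 is a separate layer, as the reply above suggests.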