
Re: /etc/hosts.allow



> The server needs the following daemons running:
> portmap, nfs-common, nfs-server
> The client needs portmap and nfs-common
>
> My question is, can you mount the nfs share remotely
> when the entry in /etc/hosts.deny is removed, and in /etc/hosts.allow you
> put "ALL: ALL"?

I can mount if both files are empty. I think this is equivalent to having 
"ALL: ALL" in /etc/hosts.allow, so I didn't try. And the daemons are probably 
started at boot time by default.
But this is not the problem. I just wanted to use the other machine to verify 
that the line 
portmap: ALL 
actually denies access to everybody, and now I want to enable access to that 
one machine in my network again, and from what I read this is done by putting 
portmap: 192.168.1.0/255.255.255.0
in /etc/hosts.allow
Is it not as simple as that? Then the NFS HOWTO is wrong, or I have to learn 
how to configure Linux for some more years.


> I would suggest using ipchains to block nfs and rpc from the outside, like
> this, where 192.168.1.1 is your machine's **external** interface (i.e., the
> one connected to the world):
>
> ipchains -A input -l -p tcp -s 0/0 -d 192.168.1.1 111 -j DENY
> ipchains -A input -l -p udp -s 0/0 -d 192.168.1.1 111 -j DENY
> ipchains -A input -l -p tcp -s 0/0 -d 192.168.1.1 2049 -j DENY
> ipchains -A input -l -p udp -s 0/0 -d 192.168.1.1 2049 -j DENY
>
> remove the "-l" if you don't want log entries.

I wanted to tackle ipchains and all that later, when I set up internet access 
for all machines in my LAN via my machine. I don't even know yet exactly what 
ipchains is. 
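
The evaluation order this exchange depends on, as an added example that is not part of the original post: a simplified Python model of the hosts_access(5) rules, where hosts.allow is consulted first, then hosts.deny, and access is granted if neither matches. It handles only ALL, literal IPv4 addresses, address prefixes and net/mask patterns; the function names and the client addresses in the demo are constructed for illustration.

```python
import ipaddress

# Constructed file contents mirroring the two lines discussed in the thread.
HOSTS_DENY = "portmap: ALL\n"
HOSTS_ALLOW = "portmap: 192.168.1.0/255.255.255.0\n"

def client_matches(pattern, client_ip):
    """Match one client pattern (subset of hosts_access(5), IPv4 only)."""
    if pattern == "ALL":
        return True
    if "/" in pattern:  # net/mask form, e.g. 192.168.1.0/255.255.255.0
        network = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(client_ip) in network
    if pattern.endswith("."):  # address prefix, e.g. "192.168.1."
        return client_ip.startswith(pattern)
    return pattern == client_ip  # literal address

def rule_matches(rules, daemon, client_ip):
    """True if any 'daemon_list: client_list' line matches the pair."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # ignore trailing options
        daemon_list = daemons.replace(",", " ").split()
        client_list = clients.replace(",", " ").split()
        if "ALL" not in daemon_list and daemon not in daemon_list:
            continue
        if any(client_matches(p, client_ip) for p in client_list):
            return True
    return False

def access_granted(hosts_allow, hosts_deny, daemon, client_ip):
    """hosts.allow wins, then hosts.deny denies, otherwise access is granted."""
    if rule_matches(hosts_allow, daemon, client_ip):
        return True
    if rule_matches(hosts_deny, daemon, client_ip):
        return False
    return True

if __name__ == "__main__":
    cases = [("both empty", "", ""), ("deny only", "", HOSTS_DENY),
             ("allow + deny", HOSTS_ALLOW, HOSTS_DENY)]
    for label, allow, deny in cases:
        for ip in ("192.168.1.20", "10.0.0.5"):  # constructed clients
            print(label, ip, access_granted(allow, deny, "portmap", ip))
```
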


