Re: question about SPF (mr Meskes, I suppose?)
On Wed, Mar 22, 2000 at 11:01:33AM +0100, Michael Meskes wrote:
> On Wed, Mar 22, 2000 at 10:32:17AM +0100, Giacomo Mulas wrote:
> > SPF-related.
> > 1: How should I set up ipchains in order to be able to import nfs
> > filesystems? Did anybody run into this problem already and find a
> > solution?
> AFAIK NFS is port 2049. You create a HUGE hole by letting nfs through
> though. But I guess you know that.
NFS is NORMALLY port 2049, but not necessarily. It's not fixed.
It can be any arbitrary port. When something wants to mount an
NFS exported filesystem, it asks the portmapper (port 111, I
think. Check /etc/services) for the port to connect to. The
portmapper then checks its list of registered RPC services and
sends back the port number to use.
This is why NFS is hard to packet filter...
You can try allowing ports 111 and 2049 or write some sort of
NFS proxy ;)
Michael Wood | Tel: +27 21 762 0276 | http://www.kingsley.co.za/
email@example.com | Fax: +27 21 761 9930 | Kingsley Technologies