Re: iptables and NFS
It is very messy with NFS but I use something like this:
#############################
#NFS connections from someserver
#############################
#portmap tcp/udp
-i eth0 -p tcp --dport 111 -s someserver/32 -j ACCEPT
-i eth0 -p udp --dport 111 -s someserver/32 -j ACCEPT
#status tcp/udp
-i eth0 -p tcp --dport 300:50000 -s someserver/32 -j ACCEPT
-i eth0 -p udp --dport 300:50000 -s someserver/32 -j ACCEPT
#nfs udp/tcp
-i eth0 -p tcp --dport 2040:2049 -s someserver/32 -j ACCEPT
-i eth0 -p udp --dport 2040:2049 -s someserver/32 -j ACCEPT
On 13/12/05 00:09 +0100, Ghe Rivero wrote:
> Hi everyone,
> we are going to use netfilter for our main firewall at University and a
> couple of doubts come to my mind now:
>
> 1.- Since we have several machines (around 50) and all kinds of
> services, which is the best way to have everything more or less in order?
> 2.- NFS uses dynamic ports on connections with the clients. How is it
> supposed to be firewalled? (The same can be for some Windows issues)
> Thx in advance to everyone!
>
> Ghe Rivero
>
> --
> CPD - Universidad Pontificia de Salamanca
> Tlf. 923 277 136 - Ext. 7263
>
>
> .''`. Pienso, Luego Incordio
> : :' :
> `. `' Proudly running Debian GNU/Linux (Sid 2.6.9-smp Ext3)
> `- www.debian.org www.upsa.es
>
> GPG Key: 26F020F7
> GPG fingerprint: 4986 39DA D152 050B 4699 9A71 66DB 5A36 26F0 20F7
>
--
------------------------------------------
Ted Knab
Stevensville, Maryland 21666 USA
------------------------------------------
I am lone maggot in a sea of pooh.
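
Added example, not part of the original post: the dynamic ports the thread asks about are the ones the RPC services register with portmap, so per-port rules in the style above can be generated from `rpcinfo -p` output. The sample output is constructed, and the `INPUT` chain, the `-m comment` labels and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` output into one ACCEPT rule per
# protocol/port actually registered by the NFS-related RPC services.

# Constructed sample of `rpcinfo -p` output on an NFS server (not real data).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32769  nlockmgr
    100021    3   udp  32769  nlockmgr
    100021    1   tcp  32770  nlockmgr
    100005    1   udp    799  mountd
    100005    1   tcp    802  mountd
EOF
}

# nfs_rules IFACE SOURCE
# Reads rpcinfo -p output on stdin and prints iptables-restore style rules.
# Several RPC versions share one port, so each proto/port is emitted once.
# The header line and any malformed line fail the numeric-port check.
nfs_rules() {
    iface=$1
    src=$2
    awk -v iface="$iface" -v src="$src" '
        $5 ~ /^(portmapper|status|nfs|nlockmgr|mountd)$/ &&
        $3 ~ /^(tcp|udp)$/ && $4 ~ /^[0-9]+$/ {
            key = $3 "/" $4
            if (!(key in seen)) {
                seen[key] = 1
                printf "-A INPUT -i %s -p %s --dport %s -s %s", iface, $3, $4, src
                printf " -m comment --comment %s -j ACCEPT\n", $5
            }
        }'
}

# Stand-alone run: rules for the constructed sample, same host as the post.
sample_rpcinfo | nfs_rules eth0 someserver/32
```

Ports for status, nlockmgr and mountd can change when those services restart unless they are pinned, so the generated rules describe one moment in time and have to be regenerated afterwards.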