Firewall not applying some rules on startup
Hello List,
When my LAMP server first fires up it runs a firewall script, but
doesn't seem to be applying the rules that allow NFS connections. If I
then rerun the script manually, the NFS connections work again.
My script has the following sections (other stuff, hopefully not
relevant, has been snipped).
<-- Start Firewall script -->
# Get the ports for NFS mountd (rpcinfo -p columns: program vers proto port service)
NFSPORTS_ARRAY=`rpcinfo -p | awk '/mountd/ {print $4}' | sort | uniq`
# Join them into a comma-separated list for --match multiport
for PORT_NUM in $NFSPORTS_ARRAY
do
if [ -z "$NFSPORTS" ]
then
NFSPORTS=$PORT_NUM
else
NFSPORTS="${NFSPORTS},${PORT_NUM}"
fi
done
# then some rules that define different chains (internal, external etc)
# followed by
label=internal
# Allow NFS connections from internal boxes (portmapper 111, nfs 2049, mountd ports)
$iptables --append $label --match multiport --proto tcp --dport 111,$NFSPORTS --jump ACCEPT
$iptables --append $label --match multiport --proto udp --dport 111,2049,$NFSPORTS --jump ACCEPT
<-- End firewall script -->
After the box is first booted, it rejects attempts to mount the NFS
exports with (from the client side):
$ mount: RPC: Remote system error - Connection refused
The firewall is started from my interfaces file thus:
<-- Start Interfaces file -->
iface eth0 inet static
address 192.168.1.2
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.254
up /etc/network/firewall || true
<-- End Interfaces file -->
After the box is booted, if I ssh in and then rerun the firewall
script, it then accepts NFS connections.
Any idea why it won't accept them without me manually rerunning the
firewall script?
Cheers,
David
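As an added example (not David's script and not part of the original post): a POSIX sh version of the port-list step that refuses to build a `--dport` list when `rpcinfo -p` reports no mountd entry, and that can poll rpcinfo until mountd is registered. iptables rejects a list with a trailing comma such as `111,`, so a firewall script that gets an empty port list from rpcinfo ends up without the NFS rule at all, which is the failure the functions below guard against. The rpcinfo output, the `rpcinfo_at_boot` and `rpcinfo_later` stand-ins, and the function names are constructed for the demo; iptables is replaced by echo so the block runs offline.

```shell
#!/bin/sh
# Added example, not the original firewall script: derive the NFS port list
# defensively so no rule is ever built from an empty rpcinfo answer.
# Assumes a portmap/rpcbind whose "rpcinfo -p" output uses the usual
# "program vers proto port service" columns.

# Constructed rpcinfo -p output, standing in for the real command.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp  32767  mountd
    100005    1   tcp  32768  mountd
    100005    3   udp  32767  mountd
    100005    3   tcp  32768  mountd
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs'

# mountd_ports TEXT [PROTO]: print the unique mountd ports found in TEXT
# (rpcinfo -p output) as a comma-separated list, optionally restricted to
# one protocol. Prints nothing at all when no mountd entry is registered.
mountd_ports() {
    printf '%s\n' "$1" |
        awk -v proto="$2" '$5 == "mountd" && (proto == "" || $3 == proto) { print $4 }' |
        sort -n | uniq |
        awk 'NR > 1 { printf "," } { printf "%s", $0 }'
}

# nfs_dports TEXT PROTO: the --dport list for one protocol: portmapper (111),
# nfs (2049) and the mountd ports. Returns 1 instead of emitting "111,2049,"
# when mountd is not registered, because iptables rejects a trailing comma
# and the firewall would then come up without the rule.
nfs_dports() {
    ports=$(mountd_ports "$1" "$2")
    [ -n "$ports" ] || return 1
    printf '111,2049,%s' "$ports"
}

# wait_for_mountd CMD [TRIES] [DELAY]: run CMD (e.g. "rpcinfo -p") until its
# output lists mountd, printing that output; fail after TRIES attempts.
# For a firewall started from an "up" stanza, this covers the window
# between the interface coming up and rpc.mountd registering itself.
wait_for_mountd() {
    cmd=$1; tries=${2:-10}; delay=${3:-1}
    while [ "$tries" -gt 0 ]; do
        out=$($cmd 2>/dev/null) || out=
        if [ -n "$(mountd_ports "$out")" ]; then
            printf '%s\n' "$out"
            return 0
        fi
        tries=$((tries - 1))
        sleep "$delay"
    done
    return 1
}

# Constructed stand-ins for rpcinfo: nothing registered yet, then mountd up.
rpcinfo_at_boot() { printf '   program vers proto   port  service\n'; }
rpcinfo_later()   { printf '%s\n' "$SAMPLE_RPCINFO"; }

# Demo: print the rules that would be appended (echo instead of iptables).
iptables="echo iptables"
label=internal
if text=$(wait_for_mountd rpcinfo_later 3 0); then
    $iptables --append "$label" --match multiport --proto tcp --dport "$(nfs_dports "$text" tcp)" --jump ACCEPT
    $iptables --append "$label" --match multiport --proto udp --dport "$(nfs_dports "$text" udp)" --jump ACCEPT
else
    echo "mountd not registered; NFS rules not added" >&2
fi
```

Splitting the list per protocol matters when mountd registers different ports for tcp and udp, as in the sample; the original script's single combined list opens both sets on both protocols. Replace `rpcinfo_later` with `"rpcinfo -p"` and `echo iptables` with `iptables` to use it for real.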