
Re: NFS



On Fri, Dec 26, 1997 at 01:51:08AM +0000, Lindsay Allen wrote:
> How about posting hosts.allow so that we can all learn from this?  My
> tcp/ip skills are still somewhat limited so I can not really work out what
> you have done.

Certainly. My hosts.allow now reads

in.telnetd, in.rlogind, smbd, nmbd, uucico: LOCAL, (list of hosts deleted)

rpc.nfsd, rpc.mountd, portmap: LOCAL, .rising.com.au, 203.63.216.21, 203.63.216.18

Interestingly, those two IP addresses are dialup-1 and dialup-2.rising.com.au
respectively, but if I don't specify those addresses on that line,
I don't see the portmapper.

This goes with a hosts.deny reading

ALL except in.smtpd, blackmail, in.qpopper, wu.ftpd, wu-ftpd: PARANOID
ALL except in.telnetd, wu-ftpd, wu.ftpd, in.pop2d, in.comsat, in.qpopper, cfingerd, in.smtpd, blackmail: ALL

This is for a production system sitting on an ISP's ethernet, i.e. not
at our premises. I welcome comments about other services I should allow
or disallow; I think this lot should make things pretty secure but still
usable for me and our other staff.

> This whole field seems to be fraught with difficulties.  When trying to
> mount /debian from another box this morning I found that mountd was not
> running in spite of being in /etc/init.d.  Something must have stopped it.

These daemons won't be started unless there is something in
/etc/exports; the netstd_nfs script (in init.d) checks for entries first.

> My bo box exports files in the expected way, but my hamm box does not. 
> Last week it would not export anything unless the client was listed using
> its IP number.  Now it accepts a hostname but has a problem with
> wildcards.  It will not export to a host by using a wildcard unless there
> is a valid explicit entry for that host without a wildcard.  So when
> exporting /debian to gum.scotch.etc this works:-

My nfsd exports fine with *.rising.com.au in /etc/exports, so obviously
it can do the reverse lookup okay, but for some reason my portmap doesn't.
Reverse DNS is certainly configured correctly.

Your problem is very strange! Sorry, I don't have any suggestions.



Hamish
-- 
Hamish Moffatt, hamish@debian.org, hamish@rising.com.au, hmoffatt@mail.com
Latest Debian packages at ftp://ftp.rising.com.au/pub/hamish. PGP#EFA6B9D5
CCs of replies from mailing lists are welcome.   http://hamish.home.ml.org
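
An added sketch, not part of the original message and not libwrap's own code: a simplified Python model of the NFS line from hosts.allow and the final hosts.deny line quoted above, showing that a name pattern such as .rising.com.au can only match when the daemon supplies a client host name. It assumes portmap hands the wrapper library only the client address (the wrapper-enabled portmap is documented as doing no host name lookups), modelled here by name=None; all function names are hypothetical.

```python
import re

# Rules copied from the post; the first hosts.allow line (host list elided)
# and the PARANOID line of hosts.deny are left out of this model.
HOSTS_ALLOW = [("rpc.nfsd, rpc.mountd, portmap",
                "LOCAL, .rising.com.au, 203.63.216.21, 203.63.216.18")]
HOSTS_DENY = [("ALL except in.telnetd, wu-ftpd, wu.ftpd, in.pop2d, in.comsat, "
               "in.qpopper, cfingerd, in.smtpd, blackmail", "ALL")]
# Same allow line without the two dialup addresses.
NAMES_ONLY = [("rpc.nfsd, rpc.mountd, portmap", "LOCAL, .rising.com.au")]

def tokens(field):
    return [t for t in re.split(r"[,\s]+", field.strip()) if t]

def list_match(toks, pred):
    """Items before EXCEPT must match; items after it must not."""
    upper = [t.upper() for t in toks]
    if "EXCEPT" in upper:
        i = upper.index("EXCEPT")
        return any(map(pred, toks[:i])) and not list_match(toks[i + 1:], pred)
    return any(map(pred, toks))

def client_pred(addr, name):
    """name=None models a daemon that never resolves the client address."""
    def pred(tok):
        if tok.upper() == "ALL":
            return True
        if tok.upper() == "LOCAL":
            return name is not None and "." not in name
        if tok.startswith("."):                      # host name suffix
            return name is not None and name.lower().endswith(tok.lower())
        if tok.endswith("."):                        # address prefix
            return addr.startswith(tok)
        return tok == addr or (name is not None and tok.lower() == name.lower())
    return pred

def decide(daemon, addr, name, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts.allow first, then hosts.deny, otherwise access is granted."""
    def daemon_pred(tok):
        return tok.upper() == "ALL" or tok.lower() == daemon.lower()
    for table, verdict in ((allow, "allow"), (deny, "deny")):
        for daemons, clients in table:
            if (list_match(tokens(daemons), daemon_pred)
                    and list_match(tokens(clients), client_pred(addr, name))):
                return verdict
    return "allow"

if __name__ == "__main__":
    for daemon, name in (("rpc.mountd", "dialup-1.rising.com.au"), ("portmap", None)):
        for label, allow in (("with addresses", HOSTS_ALLOW), ("names only", NAMES_ONLY)):
            print(daemon, label, decide(daemon, "203.63.216.21", name, allow))
```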

