
Re: /etc/hosts.allow



On Tuesday 10 April 2001 04:39, Robert Voigt wrote:

To restart daemons just use the scripts in /etc/init.d/

like this

# /etc/init.d/portmap restart

The server needs the following daemons running:
portmap, nfs-common, nfs-server
The client needs portmap and nfs-common

My question is, can you mount the nfs share remotely 
when the entry in /etc/hosts.deny is removed, and in /etc/hosts.allow you put 
"ALL: ALL"?

I would suggest using ipchains to block nfs and rpc from the outside, like 
this, where 192.168.1.1 is your machine's **external** interface (i.e., the 
one connected to the world):

# portmap / sunrpc (port 111), tcp and udp
ipchains -A input -l -p tcp -s 0/0 -d 192.168.1.1 111 -j DENY
ipchains -A input -l -p udp -s 0/0 -d 192.168.1.1 111 -j DENY
# nfs (port 2049), tcp and udp
ipchains -A input -l -p tcp -s 0/0 -d 192.168.1.1 2049 -j DENY
ipchains -A input -l -p udp -s 0/0 -d 192.168.1.1 2049 -j DENY

Remove the "-l" if you don't want log entries.

> Thank you all who gave advice on /etc/hosts.deny. I just put in the line
> portmap: ALL
> which I found in the NFS HOWTO and it worked. I tried that before I asked
> for advice and it didn't work. Maybe I had a bad day.
> Now I can't mount anything on this machine from the other one on the LAN,
> and I hope this will prevent anyone from the outside world from breaking into my
> system, because that's why I do it.
> To allow the other machine on the LAN access to mine again I put the line
> portmap: 192.168.1.0/255.255.255.0
> in /etc/hosts.allow
> but the other machine still can't mount anything. It gets the error message
> mount: RPC: program not registered
> just like with an empty /etc/hosts.allow.
> I took this from the NFS HOWTO, section 6.3 again.
> 192.168.1.0 is the network and 255.255.255.0 is the netmask in
> /etc/network/interfaces under eth0 on both machines.
> So how can I allow the other machine in my network to access mine without
> allowing anyone from the internet to break in?

-- 
Tim Kelley
tpkelley@winkinc.com
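The hosts.allow / hosts.deny question in this thread comes down to the decision order tcp_wrappers applies: a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, otherwise access is granted. The following is an added example, not code from the thread or from tcp_wrappers itself: a small Python evaluator of that rule for the patterns used above (ALL, net/mask, a trailing-dot address prefix, an exact address and EXCEPT). The rule files are the ones quoted in the thread; the client addresses 192.168.1.5 and 203.0.113.9 are constructed for the demonstration, and hostname patterns, LOCAL, KNOWN/UNKNOWN and the shell_command field are deliberately not modelled.

```python
"""hosts_access-style evaluator for the /etc/hosts.allow and
/etc/hosts.deny rules discussed in this thread (added example,
not code from the thread or from tcp_wrappers).

Decision order, from hosts_access(5):
  1. a (daemon, client) match in hosts.allow grants access;
  2. otherwise a match in hosts.deny refuses it;
  3. otherwise access is granted.
Only IPv4 address patterns are modelled: ALL, exact address,
"a.b.c." prefix, net/mask (dotted mask or prefix length) and the
EXCEPT operator.
"""
import ipaddress

# Rule files as quoted in the thread (hosts.allow first, hosts.deny second).
ALLOW_LAN = "portmap: 192.168.1.0/255.255.255.0\n"
DENY_ALL = "portmap: ALL\n"
# The configuration asked about: deny entry removed, allow file wide open.
ALLOW_EVERYONE = "ALL: ALL\n"


def _ip(addr):
    return int(ipaddress.IPv4Address(addr))


def match_daemon(pattern, daemon):
    """Daemon field: ALL or the daemon's process name."""
    return pattern == "ALL" or pattern == daemon


def match_client(pattern, client):
    """Client field against the dotted IPv4 address of the peer."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        net, mask = pattern.split("/", 1)
        if "." in mask:
            mask_int = _ip(mask)
        else:
            mask_int = (0xFFFFFFFF << (32 - int(mask))) & 0xFFFFFFFF
        # hosts_access(5): match when (address & mask) == net
        return (_ip(client) & mask_int) == _ip(net)
    if pattern.endswith("."):
        # "192.168.1." matches every address whose text starts with it
        return client.startswith(pattern)
    return client == pattern


def match_list(list_text, value, matcher):
    """Comma/blank separated list; 'a EXCEPT b' means in a but not in b,
    and EXCEPT groups to the right as hosts_access(5) specifies."""
    parts = list_text.replace(",", " ").split()
    if "EXCEPT" in parts:
        i = parts.index("EXCEPT")
        return (match_list(" ".join(parts[:i]), value, matcher)
                and not match_list(" ".join(parts[i + 1:]), value, matcher))
    return any(matcher(p, value) for p in parts)


def parse_rules(text):
    """Return (daemon_list, client_list) pairs; '#' comments and any
    third shell_command field are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) >= 2:
            rules.append((fields[0].strip(), fields[1].strip()))
    return rules


def file_matches(text, daemon, client):
    return any(match_list(d, daemon, match_daemon)
               and match_list(c, client, match_client)
               for d, c in parse_rules(text))


def hosts_access(allow_text, deny_text, daemon, client):
    """True if tcp_wrappers would admit `client` to `daemon`."""
    if file_matches(allow_text, daemon, client):
        return True
    if file_matches(deny_text, daemon, client):
        return False
    return True  # matched neither file: the default is to permit


if __name__ == "__main__":
    # Constructed peer addresses: one LAN host, one Internet host.
    for client in ("192.168.1.5", "203.0.113.9"):
        print(client,
              "LAN-only rules:", hosts_access(ALLOW_LAN, DENY_ALL, "portmap", client),
              "ALL: ALL, deny removed:", hosts_access(ALLOW_EVERYONE, "", "portmap", client))
```

Running it shows the answer to the question in the reply: with "ALL: ALL" in hosts.allow and the deny entry gone, every client is admitted to portmap, and with no entry at all the default is also to permit; only the net/mask entry in hosts.allow combined with "portmap: ALL" in hosts.deny restricts it to the LAN. These files only govern daemons that consult them (portmap here); the kernel nfsd on port 2049 does not read them, which is why the packet-filter rules above are still needed.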


