Re: IPMasqing NFS
Mike Fedyk <mfedyk@matchmail.com> writes:
> On Tue, May 08, 2001 at 08:54:26PM -0700, Krzys Majewski wrote:
> > I would like to NFS-mount a directory on a remote host located behind an
> > ipmasq'ing gateway/firewall. The gateway runs 2.2.17, the remote box
> > runs 2.4.2, the local box runs SunOS-5.8-i386. I tried adding trivial
> > rules to my ipmasq script, copying the ones for sshd and replacing the
> > sshd port with whichever port the NFS service uses, but no juice. If I
> > remember correctly, the mount on the Solaris box fails with "RPC:
> > Rpcbind failure - RPC: Unable to receive". Not much on dejanews for
> > this one. The remote box is a somewhat customized Debian/potato.
> > -chris
> Try rpcinfo; if that won't get through, you need to make sure that you let
> through the statd port.
Here's what rpcinfo says:
[okocim]13:55:34[/etc]$ rpcinfo gw.krzys.com
rpcinfo: can't contact rpcbind: : RPC: Unable to receive; errno = Connection refused; System error
What's statd? I'm now doing the following on my firewall:
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth0 -s 10.0.0.0/24 -j MASQ
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.115.135.172 2222 -R 10.0.0.3 2222
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.115.135.172 2049 -R 10.0.0.3 2049
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.115.135.172 111 -R 10.0.0.3 111
The last three correspond to sshd, nfs, and sunrpc, but I have no idea
what I'm doing (sshd works, nfs doesn't).
> Remember with NFS:
>
> Anyone can act as any of your users! I would set up an IPsec tunnel for this
> myself if I did this at all.
What's an IPsec tunnel and how do I set one up?
-chris
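
Added example, not part of the original message: a small check that compares what the RPC portmapper on the NFS server has registered against the portfw rules quoted above, to list the registered services (statd shows up as "status") that no rule covers. The `rpcinfo -p` listing is a constructed sample, and the status and mountd port numbers in it are invented.

```python
import re

# Constructed sample of `rpcinfo -p` output as it might look on the NFS server
# (10.0.0.3); the status and mountd port numbers are invented for illustration.
RPCINFO_P = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    757  status
    100024    1   tcp    759  status
    100003    2   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp    982  mountd
    100005    1   tcp    985  mountd
"""

# The three portfw rules from the message above.
PORTFW_RULES = """\
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.115.135.172 2222 -R 10.0.0.3 2222
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.115.135.172 2049 -R 10.0.0.3 2049
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.115.135.172 111 -R 10.0.0.3 111
"""

def forwarded(rules):
    """Return {(proto, remote_port)} covered by `ipmasqadm portfw -a` lines."""
    pat = re.compile(r"portfw\s+-a\s+-P\s+(\w+)\s+-L\s+\S+\s+\d+\s+-R\s+\S+\s+(\d+)")
    return {(m.group(1), int(m.group(2))) for m in pat.finditer(rules)}

def registered(rpcinfo_text):
    """Return {(proto, port): service} parsed from `rpcinfo -p` output."""
    out = {}
    for line in rpcinfo_text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[0].isdigit():  # skips the header line
            out[(f[2], int(f[3]))] = f[4]
    return out

def unforwarded(rpcinfo_text, rules):
    """RPC services registered on the server that no portfw rule covers."""
    covered = forwarded(rules)
    return sorted((svc, proto, port)
                  for (proto, port), svc in registered(rpcinfo_text).items()
                  if (proto, port) not in covered)

if __name__ == "__main__":
    for svc, proto, port in unforwarded(RPCINFO_P, PORTFW_RULES):
        print(f"not forwarded: {svc:<10} {proto}/{port}")
```
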