[ale] NFS and ipchains
gene
gene at mmc-inc.com
Wed Jan 23 17:33:35 EST 2002
OK, I guess I need to learn ipchains instead of floundering around
every time I need to mess with it but, in the meantime ;-), I sure could
use some suggestions on getting the right rules in
/etc/sysconfig/ipchains (Red Hat 7.1) to allow an NFS mount.
Ideally, I want to allow only the specific client (192.168.1.13) to
mount a f/s from the server (192.168.1.12). The rules I was playing
with below, I was first just trying to limit it to a given network.
The nfs server (Red Hat 7.1, 192.168.1.12) has the following rules:
[root at server]# ipchains -L
Chain input (policy ACCEPT):
target     prot opt     source                destination           ports
ACCEPT     tcp  -y----  192.168.1.0/24        192.168.1.0/24        any ->   nfs
ACCEPT     udp  ------  192.168.1.0/24        192.168.1.0/24        any ->   nfs
ACCEPT     tcp  -y----  anywhere              anywhere              any ->   ssh
ACCEPT     tcp  -y----  anywhere              anywhere              any ->   http
ACCEPT     tcp  -y----  anywhere              anywhere              any ->   8082
ACCEPT     all  ------  anywhere              anywhere              n/a
ACCEPT     all  ------  anywhere              anywhere              n/a
REJECT     tcp  -y----  anywhere              anywhere              any ->   0:1023
REJECT     udp  ------  anywhere              anywhere              any ->   0:1023
REJECT     tcp  -y----  anywhere              anywhere              any ->   x11:6009
REJECT     tcp  -y----  anywhere              anywhere              any ->   xfs
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
The nfs client (a Solaris 8 box, 192.168.1.13) can mount /media just
fine if I shut down ipchains on the nfs server. With the above rules in
place I get:
{root at client}# mount -r server:/media /backup/media
nfs mount: server: : RPC: Rpcbind failure - RPC: Unable to receive
nfs mount: retrying: /backup/media
Anyone want to suggest a rule that will work?
Thanks,
Gene
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
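
Added example, not part of the original post: a first-match walk of the input chain listed in the message, showing which rule handles the rpcbind query (port 111) that the mount error reports, and the effect of client-only rpcbind rules placed ahead of it. Port numbers are the standard /etc/services assignments; treating the two "ACCEPT all" rules as loopback-bound and the interface name eth0 are assumptions.

```python
import ipaddress

# Model of the posted input chain:
# (target, proto, syn_only, source, destination, dest-port range, interface)
# Service names resolved: nfs=2049, ssh=22, http=80, x11=6000, xfs=7100.
ANY, LAN = "0.0.0.0/0", "192.168.1.0/24"
POSTED_CHAIN = [
    ("ACCEPT", "tcp", True,  LAN, LAN, (2049, 2049), None),
    ("ACCEPT", "udp", False, LAN, LAN, (2049, 2049), None),
    ("ACCEPT", "tcp", True,  ANY, ANY, (22, 22), None),
    ("ACCEPT", "tcp", True,  ANY, ANY, (80, 80), None),
    ("ACCEPT", "tcp", True,  ANY, ANY, (8082, 8082), None),
    # Assumption: both "ACCEPT all" rules are interface-bound (e.g. -i lo);
    # plain `ipchains -L` does not print the interface.
    ("ACCEPT", "all", False, ANY, ANY, None, "lo"),
    ("ACCEPT", "all", False, ANY, ANY, None, "lo"),
    ("REJECT", "tcp", True,  ANY, ANY, (0, 1023), None),
    ("REJECT", "udp", False, ANY, ANY, (0, 1023), None),
    ("REJECT", "tcp", True,  ANY, ANY, (6000, 6009), None),
    ("REJECT", "tcp", True,  ANY, ANY, (7100, 7100), None),
]

def verdict(chain, proto, src, dst, dport, syn=False, iface="eth0", policy="ACCEPT"):
    """Return (target, rule_index) of the first matching rule, else (policy, None)."""
    for i, (target, r_proto, syn_only, r_src, r_dst, ports, r_iface) in enumerate(chain):
        if r_proto not in ("all", proto):
            continue
        if syn_only and not (proto == "tcp" and syn):   # -y matches SYN packets only
            continue
        if r_iface is not None and r_iface != iface:
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(r_src):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(r_dst):
            continue
        if ports is not None and not (ports[0] <= dport <= ports[1]):
            continue
        return target, i
    return policy, None

CLIENT, SERVER = "192.168.1.13", "192.168.1.12"

def rpcbind_allowed_chain():
    """Posted chain with client-only rpcbind (port 111) ACCEPT rules placed first."""
    only = (CLIENT + "/32", SERVER + "/32")
    return [("ACCEPT", "udp", False, *only, (111, 111), None),
            ("ACCEPT", "tcp", True,  *only, (111, 111), None)] + POSTED_CHAIN
```

rpcbind is only the first lookup in an NFS mount: the port mountd registers, which `rpcinfo -p` on the server lists, has to pass the same chain.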