On Tuesday 25 August 2009 19:27:38 Bill Davidsen wrote: > Anne Wilson wrote: > > On Tuesday 25 August 2009 00:16:28 Ed Greshko wrote: > >> Anne Wilson wrote: > >>> On Monday 24 August 2009 15:44:20 Bill McGonigle wrote: > >>>> On 08/24/2009 08:15 AM, Anne Wilson wrote: > >>>>> What ports are necessarily opened on an nfs server? Does the client > >>>>> need any ports opened? > >>>> > >>>> If you can limit yourself to NFSv4 you're much better off in this > >>>> department. I have this on an NFSv4 server: > >>>> > >>>> # NFS > >>>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --source > >>>> 192.168.1.32/27 --dport 2049 -j ACCEPT > >>>> > >>>> and nothing on a working client other than the standard: > >>>> > >>>> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT > >>> > >>> Thanks. That's something to work on. Although I have had a working > >>> firewall in the past, I'm not really familiar with iptables setup. > >>> Since a gui tool was provided I expected it to do the necessary (this > >>> is system-config- securitylevels on CentOS) but it doesn't. I used > >>> shorewall to set up my firewall long ago, and I'm beginning to think I > >>> might be better of seeing if there's a package for CentOS. Gui tools > >>> seem nice, but I don't like the fact that they rarely tell you what the > >>> are and aren't doing. > >> > >> When it comes to a shorewall package for CentOS or RHEL you can enable > >> the EPEL repository https://fedoraproject.org/wiki/EPEL > > > > Thanks, Ed. I should be able to get to that tomorrow. The thing is that > > I only want nfs across the lan. The router would stop any external > > attempts to use nfs mounting, so it seems to me that trusting the local > > zone might be all that's needed. I think that is straightforward, IIRC, > > in shorewall. > > For internal use the "insecure" option may be all you need. I export some > things from various servers, attached is a little part of the process, a > function to do the export by bind mounting directories into the "/export" > space then exporting from there. That way any moves of the "real" location > are hidden, clients always mount a short name. > > Note that this attachment has been cleansed a bit of addresses and > comments, take as an example to test before use. Thanks, Bill. I'll study it. Anne -- New to KDE4? - get help from http://userbase.kde.org Just found a cool new feature? Add it to UserBase
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
