On Wed, 2007-02-07 at 14:52 -0600, Arthur Pemberton wrote: > On 2/7/07, Daniel Yek <dyek@xxxxxxxx> wrote: > > At 12:44 PM 2/7/2007, Arthur Pemberton wrote: > > >On 2/7/07, Daniel Yek <dyek@xxxxxxxx> wrote: > > >>Hi, > > >> > > >>It was a while ago when I read that NFS was difficult to secure with (the > > >>use of) ssh and iptables (or something like that). > > >> > > >>I really needed an alternative that works and can be made secure. Is GFS a > > >>suitable replacement for NFS? If not, what is the closest thing to NFS? > > >> > > >>Thanks. > > > > > >Subdue NFS to use only one port, firewall all other ports > > >off....possible filter the NFS port too? > > > > Thanks for replying. > > > > That is what I read and I was looking for an alternative to that. Is there > > other solution? Or this is the best available solution already? > > Well, if you can suggest how the solution could be made better, I or > others can maybe suggest how to implement it. > > The only other thing i can thing of is have port mapper interface with > iptables in a plug and play type firewall way (or however Windows > refers to it) > No need to. Just configure the ports in /etc/sysconfig/nfs and open a hole for them. E.g: # # /etc/sysconfig/nfs # # mountd 2050/tcp # mountd 2050/udp MOUNTD_PORT=2050 # rquotad 2051/tcp # rquotad 2051/udp RQUOTAD_PORT=2051 # nlockmgr 2052/tcp # nlockmgr 2052/udp LOCKD_TCPPORT=2052 LOCKD_UDPPORT=2052 # status 2053/tcp # status 2053/udp STATD_PORT=2053 STATD_OUTGOING_PORT=2054 - Gilboa -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
