On Thu, 2007-02-08 at 20:31 +0200, Gilboa Davara wrote: > On Wed, 2007-02-07 at 14:52 -0600, Arthur Pemberton wrote: > > On 2/7/07, Daniel Yek <dyek@xxxxxxxx> wrote: > > > At 12:44 PM 2/7/2007, Arthur Pemberton wrote: > > > >On 2/7/07, Daniel Yek <dyek@xxxxxxxx> wrote: > > > >>Hi, > > > >> > > > >>It was a while ago when I read that NFS was difficult to secure with (the > > > >>use of) ssh and iptables (or something like that). > > > >> > > > >>I really needed an alternative that works and can be made secure. Is GFS a > > > >>suitable replacement for NFS? If not, what is the closest thing to NFS? > > > >> > > > >>Thanks. > > > > > > > >Subdue NFS to use only one port, firewall all other ports > > > >off....possible filter the NFS port too? > > > > > > Thanks for replying. > > > > > > That is what I read and I was looking for an alternative to that. Is there > > > other solution? Or this is the best available solution already? > > > > Well, if you can suggest how the solution could be made better, I or > > others can maybe suggest how to implement it. > > > > The only other thing i can thing of is have port mapper interface with > > iptables in a plug and play type firewall way (or however Windows > > refers to it) > > > > No need to. > Just configure the ports in /etc/sysconfig/nfs and open a hole for them. > E.g: > # > # /etc/sysconfig/nfs > # > # mountd 2050/tcp > # mountd 2050/udp > MOUNTD_PORT=2050 > > # rquotad 2051/tcp > # rquotad 2051/udp > RQUOTAD_PORT=2051 > > # nlockmgr 2052/tcp > # nlockmgr 2052/udp > LOCKD_TCPPORT=2052 > LOCKD_UDPPORT=2052 > > # status 2053/tcp > # status 2053/udp > STATD_PORT=2053 > STATD_OUTGOING_PORT=2054 > > - Gilboa Forgot to add. You can then use SSH port redirection (ssh -L) to access these ports over a secure connection. - Gilboa -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
