pete....

arrgghhhh... something's going wrong again.......

i rebooted the server.... and restarted nfs, and the required processes...

without iptables running on the client/server.. i can connect from the client to the server.

when i enable iptables on the server, the client no longer connects... i get:

mount: RPC: Remote system error - Connection refused

the iptables for the server is what we used last night...

# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT

-----Original Message-----
From: Pete Nesbitt [mailto:pete@xxxxxxxxx]
Sent: Thursday, July 01, 2004 11:01 PM
To: bedouglas@xxxxxxxxxxxxx
Subject: Re: nfs issue...

On July 1, 2004 10:38 pm, you wrote:
> we have success!!!!!!!!
>
> or at least i now have something in iptables running as both
> client/server..and i have an nfs server running....

I'm glad it's working!
But I would be curious to know what you ended up with.

>
> yeah.. i know... i'm going to have to have someone that knows the linux
> security issues onboard with this...
>
> thanks for your time/assistance... i'm calling it a night for this issue
> for now...
>
> -bruce
>
> ps.. if you're curious, i'm part of a small team, and we're putting
> together a startup... right now we're starting to create a focused crawler
> to parse university/college sites... so we're going to have a "master" app
> that communicates with the clients... on different machines, dealing with
> data on a test/shared drive...
>
> oh.. just thought of another issue... in setting up a mysql server, to be
> used by remote clients, we're going to go through this again, aren't
> we..????
>
> arrgghh!!!
>

Yup, lots of fun:) you may want to run a 2 or 3 node linux box for a frontend
firewall to direct traffic at the edge of your network protecting mysql and
others which could have their own local firewalls as well.

--
Pete Nesbitt, rhce
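An added example, not part of the thread: a first-match walk over the chain posted above, checking the ports an NFS mount touches. It assumes an NFSv2/v3 server where the client first asks the portmapper on port 111 (the thread does not name the ports); the `verdict` helper, the `eth0` interface and the source port are illustrative choices.

```python
# The server's chain, copied in order from the message above.
CHAIN = """\
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
"""

def parse(line):
    """Map each option of one -A line to its value (--syn takes none)."""
    tok = [t for t in line.split() if t != "--syn"]
    return dict(zip(tok[::2], tok[1::2]), raw=line)

RULES = [parse(l) for l in CHAIN.splitlines()]

def in_range(spec, port):
    """True if port falls inside 'N' or 'LO:HI'."""
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)

def verdict(proto, dport, iface="eth0", sport=40000):
    """First-match verdict for the opening packet of a new connection
    (a SYN for tcp, so --syn always matches). iface and sport defaults
    are assumptions; -s 0/0 and -d 0/0 match everything and are ignored."""
    for r in RULES:
        if (r.get("-p", proto) == proto and r.get("-i", iface) == iface
                and in_range(r.get("--dport", "0:65535"), dport)
                and in_range(r.get("--sport", "0:65535"), sport)):
            return r["-j"], r["raw"]
    return "ACCEPT", ":INPUT ACCEPT (chain policy)"

if __name__ == "__main__":
    # Assumed NFSv2/v3 setup: portmapper on 111, nfsd on 2049.
    for name, port in (("portmapper", 111), ("nfsd", 2049)):
        for proto in ("tcp", "udp"):
            target, rule = verdict(proto, port)
            print(f"{name:10} {proto}/{port:<5} {target:7} <- {rule}")
```

Port 111 reaches the `--dport 0:1023 ... REJECT` rules before any rule accepts it, which is consistent with the refused mount even though 2049 is open; anything not listed, such as a MySQL port, falls through to the `INPUT ACCEPT` policy.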