> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 111 --syn -j ACCEPT

I believe you will need to remove the above rule and replace it w/ the following two rules.

-A RH-Lokkit-0-50-INPUT -i <internal nic> -p tcp -m tcp --dport nfs -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i <internal nic> -p tcp -m tcp --dport sunrpc -j ACCEPT

You might also want to add UDP access.

-A RH-Lokkit-0-50-INPUT -i <internal nic> -p udp -m udp --dport nfs -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i <internal nic> -p udp -m udp --dport sunrpc -j ACCEPT

You should also probably modify your NFS startup script in /etc/init.d/nfs. NFS has a habit of opening up a RANDOM port for mountd, so you can hardcode this port in the startup script by adding

MOUNTD_PORT=100
if [ -n "$MOUNTD_PORT" ]; then
    RPCMOUNTDOPTS="$RPCMOUNTDOPTS --port $MOUNTD_PORT"
fi

I think I added this right around like 48. In fact I can't remember if I even added the whole thing, but by screwing around w/ MOUNTD_PORT you can then set the firewall rules around allowing access to this port.

Happy firewalling.

--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
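A check for the setup described in the message above, as an added example that is not part of the original post: it compares the services registered with the portmapper against the ACCEPT rules and lists any registration, such as a pinned mountd port, that no rule covers yet. The function name, the sample `rpcinfo -p` output, the rule set and `eth1` (standing in for `<internal nic>`) are constructed assumptions, and `nfs`/`sunrpc` are resolved to their standard /etc/services ports 2049 and 111.

```shell
#!/bin/sh
# Added example: list RPC registrations that no firewall ACCEPT rule covers.
# All sample data is constructed; eth1 stands in for <internal nic> (assumption).

# Constructed `rpcinfo -p` output with mountd pinned to port 100 as in the post.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   tcp    100  mountd
    100005    3   udp    100  mountd'

# Constructed rule set in the rule format used in the post.
SAMPLE_RULES='-A RH-Lokkit-0-50-INPUT -i eth1 -p tcp -m tcp --dport nfs -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -p tcp -m tcp --dport sunrpc -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -p udp -m udp --dport nfs -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -p udp -m udp --dport sunrpc -j ACCEPT'

# uncovered_rpc_ports RPCINFO_TEXT RULES_TEXT   (hypothetical helper name)
# Prints "proto port service" for each registration without a matching
# "-p PROTO ... --dport PORT ... -j ACCEPT" rule. Interface (-i) is not checked.
uncovered_rpc_ports() {
    printf '%s\n---\n%s\n' "$2" "$1" | awk '
        BEGIN { name["nfs"] = 2049; name["sunrpc"] = 111 }  # service names
        $0 == "---" { in_rpc = 1; next }       # separator: rules end, rpcinfo starts
        !in_rpc && /-j ACCEPT/ {
            proto = ""; port = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
            }
            if (port in name) port = name[port]
            if (proto != "" && port != "") allowed[proto "/" port] = 1
        }
        in_rpc && $4 ~ /^[0-9]+$/ {            # skips the rpcinfo header line
            key = $3 "/" $4
            if (!(key in allowed) && !(key in seen)) {
                seen[key] = 1
                print $3, $4, $5
            }
        }'
}

uncovered_rpc_ports "$SAMPLE_RPCINFO" "$SAMPLE_RULES"
```

On a live server, pass the real `rpcinfo -p` output and the saved rule file as the two arguments; an empty result means every registered RPC port has a matching rule.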