Re: NFS mounting problems. Please help.

Michael Schwendt wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 02 May 2003 11:32:08 -0400, Joseph Tate wrote:

Answers intermingled.

As it should be. ;)

For instance, on the NFS server, if you add a log rule right after
the "trust eth0" rule,

-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j LOG --log-level alert

do you see anything in the logs upon booting an NFS client?

Yes, tons of stuff.

Ok, that would be proof that traffic from eth0 is not caught by the earlier ACCEPT rule. Interesting. I wish I could reproduce that. Based on the LOG messages and the currently loaded rules, you should be able to demonstrate that NFS traffic is not allowed. But is it just traffic related to Portmap/NFS or do you get connection refused also for other services?

Well, NTP connections seem to be flaky too, but once I can mount, the NTP connection problems go away. I haven't tried ssh or http connections, but those have explicit accept rules, so not sure that would help.

Re-running lokkit, and starting from scratch, I can now boot the clients with NFS mounts connecting successfully.
The /etc/sysconfig/iptables file now looks like the following:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 993 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 995 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 123 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 389 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 636 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT
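The ruleset above works because iptables evaluates a chain top to bottom and stops at the first matching rule: the "-i eth0 -j ACCEPT" line sits before every REJECT, so the port 111/2049 REJECT rules never see traffic arriving on eth0 (and, by the same logic, nothing else arriving on eth0 is rejected either, which is the trade-off of a "trust eth0" rule). The following script is an added example, not code from the thread: it embeds the lokkit ruleset quoted above as a constructed sample and walks the RH-Lokkit-0-50-INPUT chain in order for a given (interface, protocol, destination port), printing the target of the first matching rule. It assumes the packet is a new connection (so "--syn" is treated as matching), ignores "-m" match loaders, and prints POLICY when the custom chain falls through to the INPUT chain's ACCEPT policy; the function name first_match is mine.

```shell
#!/bin/sh
# Constructed sample: the /etc/sysconfig/iptables content quoted in the message.
RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 993 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 995 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 123 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 389 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 636 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT'

# first_match IFACE PROTO DPORT
# Simulates first-match evaluation of the RH-Lokkit-0-50-INPUT chain for a
# new connection (SYN) to DPORT. Prints the target of the first rule whose
# -i / -p / --dport criteria all match, or POLICY if no rule matches and the
# chain falls through to the INPUT policy (ACCEPT in the sample above).
first_match() {
    printf '%s\n' "$RULES" | awk -v iface="$1" -v proto="$2" -v dport="$3" '
    /^-A RH-Lokkit-0-50-INPUT / {
        ri = ""; rp = ""; hasport = 0; lo = 0; hi = 0; target = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-i") ri = $(i + 1)
            else if ($i == "-p") rp = $(i + 1)
            else if ($i == "--dport") {
                # --dport takes either a single port or a lo:hi range
                n = split($(i + 1), r, ":")
                lo = r[1] + 0; hi = (n == 2) ? r[2] + 0 : lo; hasport = 1
            }
            else if ($i == "-j") target = $(i + 1)
        }
        if (ri != "" && ri != iface) next
        if (rp != "" && rp != proto) next
        if (hasport && (dport + 0 < lo || dport + 0 > hi)) next
        print target; found = 1; exit
    }
    END { if (!found) print "POLICY" }'
}

# Demonstration: NFS-related ports (portmap 111, nfsd 2049) from the trusted
# interface versus from any other interface.
for pkt in "eth0 tcp 2049" "eth0 udp 111" "eth1 tcp 2049" "eth1 udp 111" "eth1 tcp 22"; do
    set -- $pkt
    echo "iface=$1 proto=$2 dport=$3 -> $(first_match "$1" "$2" "$3")"
done
```

Moving the "-i eth0 -j ACCEPT" line below the REJECT rules, or removing it, is enough to reproduce the original "cannot mount" symptom in the simulation, which is the same ordering question the LOG rule in the thread was meant to answer on a live box.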