Old 06-03-2008, 12:57 PM
"Jordi Prats"
 
Default firewalled NFS

Hi,
I'm trying to set up a firewalled NFS server. I've configured my server
(CentOS 5) using the following parameters:
/etc/sysconfig/nfs
MOUNTD_NFS_V1="no"
MOUNTD_NFS_V2="no"
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
RPCNFSDCOUNT=64
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020
SECURE_NFS="yes"


modprobe.conf:
options lockd nlm_udpport=4001 nlm_tcpport=4001


But it does not mount it:
# mount 172.20.0.150:/tmp/ /mnt/tmp/
mount: mount to NFS server '172.20.0.150' failed: timed out (giving up).

Is there anything else I must set up to use fixed ports?

Thanks,
--
Jordi
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-03-2008, 11:53 PM
Jay Leafey
 
Default firewalled NFS

Jordi Prats wrote:

> Hi,
> I'm trying to setup a firewalled NFS server. I've configured my server
> (CentOS 5) using the following parameters
> /etc/sysconfig/nfs
> MOUNTD_NFS_V1="no"
> MOUNTD_NFS_V2="no"
> RQUOTAD_PORT=875
> LOCKD_TCPPORT=32803
> LOCKD_UDPPORT=32769
> RPCNFSDCOUNT=64
> MOUNTD_PORT=892
> STATD_PORT=662
> STATD_OUTGOING_PORT=2020
> SECURE_NFS="yes"
>
> modprobe.conf:
> options lockd nlm_udpport=4001 nlm_tcpport=4001
>
> But it does not mount it:
> # mount 172.20.0.150:/tmp/ /mnt/tmp/
> mount: mount to NFS server '172.20.0.150' failed: timed out (giving up).
>
> There's anything else I must setup to use fixed ports ?
>
> Thanks,


It may be an obvious question, but did you open the ports in iptables?
I use a similar scheme on my NFS servers to "fix" the ports and it just
doesn't work at ALL unless those ports are opened up in iptables. I use
different ports, but here's the lines I inserted into my
/etc/sysconfig/iptables file to get NFS working on the server:



-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT


You'll have to alter the '--dports' and '-s' parameters to match the
ports and IP address range you are using.


Hope that helps!
--
Jay Leafey - Memphis, TN
jay.leafey@mindless.com
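
Added example (not part of the thread and not code from any poster): a shell helper that derives the inbound port list from the /etc/sysconfig/nfs values posted at the top of the thread, emits rules in the form shown in the reply above, and flags any service in `rpcinfo -p` output registered outside that list. The source subnet 172.20.0.0/24 and the rpcinfo sample are constructed assumptions; the sample puts lockd on 4001 because the posted configuration names two different lockd ports (32803/32769 in /etc/sysconfig/nfs, 4001 in modprobe.conf).

```bash
# Constructed sample: the port settings from the /etc/sysconfig/nfs posted above.
SAMPLE_NFS_CONF='RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020'

# Constructed `rpcinfo -p` output (not from the thread) in which lockd is
# registered on 4001, the modprobe.conf value, rather than 32803/32769.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100003    3   tcp   2049  nfs
    100021    4   udp   4001  nlockmgr
    100021    4   tcp   4001  nlockmgr
    100005    3   tcp    892  mountd
    100024    1   udp    662  status'

# nfs_ports PROTO CONF: comma-separated inbound ports for tcp or udp.
# 111 (portmapper) and 2049 (nfs) are fixed; STATD_OUTGOING_PORT is a
# source port, so it is left out. Commented-out or unset keys are skipped.
nfs_ports() {
    [ "$1" = tcp ] && lk=LOCKD_TCPPORT || lk=LOCKD_UDPPORT
    printf '%s\n' "$2" | awk -F= -v lk="$lk" '
        { gsub(/"/, "", $2); v[$1] = $2 }
        END { out = "111,2049"
              n = split("RQUOTAD_PORT " lk " MOUNTD_PORT STATD_PORT", k, " ")
              for (i = 1; i <= n; i++) if (v[k[i]] != "") out = out "," v[k[i]]
              print out }'
}

# nfs_rule PROTO SOURCE_CIDR CONF: one rule in the form used in the reply above.
nfs_rule() {
    printf '%s -m state --state NEW -m %s -m multiport -p %s -s %s --dports %s -j ACCEPT\n' \
        '-A RH-Firewall-1-INPUT' "$1" "$1" "$2" "$(nfs_ports "$1" "$3")"
}

# unexpected_listeners RPCINFO CONF: services registered on a port that the
# generated rules would not let through.
unexpected_listeners() {
    tcp=$(nfs_ports tcp "$2"); udp=$(nfs_ports udp "$2")
    printf '%s\n' "$1" | awk -v tcp="$tcp" -v udp="$udp" '
        NR > 1 && $3 ~ /^(tcp|udp)$/ {
            allowed = "," ($3 == "tcp" ? tcp : udp) ","
            if (index(allowed, "," $4 ",") == 0) print $5 "/" $3 " on " $4
        }'
}

nfs_rule tcp 172.20.0.0/24 "$SAMPLE_NFS_CONF"   # source subnet is an assumption
nfs_rule udp 172.20.0.0/24 "$SAMPLE_NFS_CONF"
unexpected_listeners "$SAMPLE_RPCINFO" "$SAMPLE_NFS_CONF"
```

The port list is the same whatever device does the filtering; only the rule syntax is iptables-specific.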
 
Old 06-04-2008, 07:33 AM
"Jordi Prats"
 
Default firewalled NFS

I've no iptables, I'm using a PIX to firewall them

On Wed, Jun 4, 2008 at 1:53 AM, Jay Leafey <jay.leafey@mindless.com> wrote:
> Jordi Prats wrote:
>>
>> Hi,
>> I'm trying to setup a firewalled NFS server. I've configured my server
>> (CentOS 5) using the following parameters
>> /etc/sysconfig/nfs
>> MOUNTD_NFS_V1="no"
>> MOUNTD_NFS_V2="no"
>> RQUOTAD_PORT=875
>> LOCKD_TCPPORT=32803
>> LOCKD_UDPPORT=32769
>> RPCNFSDCOUNT=64
>> MOUNTD_PORT=892
>> STATD_PORT=662
>> STATD_OUTGOING_PORT=2020
>> SECURE_NFS="yes"
>>
>>
>> modprobe.conf:
>> options lockd nlm_udpport=4001 nlm_tcpport=4001
>>
>>
>> But it does not mount it:
>> # mount 172.20.0.150:/tmp/ /mnt/tmp/
>> mount: mount to NFS server '172.20.0.150' failed: timed out (giving up).
>>
>> There's anything else I must setup to use fixed ports ?
>>
>> Thanks,
>
> It may be an obvious question, but did you open the ports in iptables? I use
> a similar scheme on my NFS servers to "fix" the ports and it just doesn't
> work at ALL unless those ports are opened up in iptables. I use different
> ports, but here's the lines I inserted into my /etc/sysconfig/iptables file
> to get NFS working on the server:
>
>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
>> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
>
> You'll have to alter the '--dports' and '-s' parameters to match the ports
> and IP address range you are using.
>
> Hope that helps!
> --
> Jay Leafey - Memphis, TN
> jay.leafey@mindless.com



--
Jordi
 
Old 06-04-2008, 06:28 PM
mouss
 
Default firewalled NFS

Jordi Prats wrote:
> I've no iptables, I'm using a PIX to firewall them

did you open the ports on the pix?

> On Wed, Jun 4, 2008 at 1:53 AM, Jay Leafey <jay.leafey@mindless.com> wrote:
>> Jordi Prats wrote:
>>> Hi,
>>> I'm trying to setup a firewalled NFS server. I've configured my server
>>> (CentOS 5) using the following parameters
>>> /etc/sysconfig/nfs
>>> MOUNTD_NFS_V1="no"
>>> MOUNTD_NFS_V2="no"
>>> RQUOTAD_PORT=875
>>> LOCKD_TCPPORT=32803
>>> LOCKD_UDPPORT=32769
>>> RPCNFSDCOUNT=64
>>> MOUNTD_PORT=892
>>> STATD_PORT=662
>>> STATD_OUTGOING_PORT=2020
>>> SECURE_NFS="yes"
>>>
>>> modprobe.conf:
>>> options lockd nlm_udpport=4001 nlm_tcpport=4001
>>>
>>> But it does not mount it:
>>> # mount 172.20.0.150:/tmp/ /mnt/tmp/
>>> mount: mount to NFS server '172.20.0.150' failed: timed out (giving up).
>>>
>>> There's anything else I must setup to use fixed ports ?
>>>
>>> Thanks,
>>
>> It may be an obvious question, but did you open the ports in iptables? I use
>> a similar scheme on my NFS servers to "fix" the ports and it just doesn't
>> work at ALL unless those ports are opened up in iptables. I use different
>> ports, but here's the lines I inserted into my /etc/sysconfig/iptables file
>> to get NFS working on the server:
>>
>>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
>>> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
>>
>> You'll have to alter the '--dports' and '-s' parameters to match the ports
>> and IP address range you are using.
>>
>> Hope that helps!
>> --
>> Jay Leafey - Memphis, TN
>> jay.leafey@mindless.com

 
Old 06-06-2008, 06:54 AM
"Jordi Prats"
 
Default firewalled NFS

of course...

On Wed, Jun 4, 2008 at 8:28 PM, mouss <mouss@netoyen.net> wrote:
> Jordi Prats wrote:
>>
>> I've no iptables, I'm using a PIX to firewall them
>>
>
> did you open the ports on the pix?
>
>> On Wed, Jun 4, 2008 at 1:53 AM, Jay Leafey <jay.leafey@mindless.com> wrote:
>>
>>>
>>> Jordi Prats wrote:
>>>
>>>>
>>>> Hi,
>>>> I'm trying to setup a firewalled NFS server. I've configured my server
>>>> (CentOS 5) using the following parameters
>>>> /etc/sysconfig/nfs
>>>> MOUNTD_NFS_V1="no"
>>>> MOUNTD_NFS_V2="no"
>>>> RQUOTAD_PORT=875
>>>> LOCKD_TCPPORT=32803
>>>> LOCKD_UDPPORT=32769
>>>> RPCNFSDCOUNT=64
>>>> MOUNTD_PORT=892
>>>> STATD_PORT=662
>>>> STATD_OUTGOING_PORT=2020
>>>> SECURE_NFS="yes"
>>>>
>>>>
>>>> modprobe.conf:
>>>> options lockd nlm_udpport=4001 nlm_tcpport=4001
>>>>
>>>>
>>>> But it does not mount it:
>>>> # mount 172.20.0.150:/tmp/ /mnt/tmp/
>>>> mount: mount to NFS server '172.20.0.150' failed: timed out (giving up).
>>>>
>>>> There's anything else I must setup to use fixed ports ?
>>>>
>>>> Thanks,
>>>>
>>>
>>> It may be an obvious question, but did you open the ports in iptables? I use
>>> a similar scheme on my NFS servers to "fix" the ports and it just doesn't
>>> work at ALL unless those ports are opened up in iptables. I use different
>>> ports, but here's the lines I inserted into my /etc/sysconfig/iptables file
>>> to get NFS working on the server:
>>>
>>>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
>>>> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
>>>
>>> You'll have to alter the '--dports' and '-s' parameters to match the ports
>>> and IP address range you are using.
>>>
>>> Hope that helps!
>>> --
>>> Jay Leafey - Memphis, TN
>>> jay.leafey@mindless.com
>>>



--
Jordi
 
Old 06-06-2008, 09:33 AM
Tru Huynh
 
Default firewalled NFS

On Fri, Jun 06, 2008 at 08:54:05AM +0200, Jordi Prats wrote:
> of course...

please delete the unneeded lines when you reply as a courtesy
to the other subscribers.

Thanks,

Tru
--
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B