04-11-2008, 02:38 PM
"Greg Bowser"

NFS through a firewall

Please excuse my possible lack of coherency; I have yet to have any
coffee, and I just mediated a battle on IRC, so mehhh

I had a very similar experience a few weeks back. There's that problem
with the thing where the thing is like "hey, Imma use this random
port" and then the other thing is like "oh no you diint". So then
they fight about it. I have debian boxes (against my wishes) and
gentoo boxes in my mix.

The following article was of great use to me:
http://wiki.debian.org/SecuringNFS
--
gentoo-user@lists.gentoo.org mailing list
 
04-11-2008, 02:48 PM
Etaoin Shrdlu

NFS through a firewall

On Friday 11 April 2008, 15:49, Roger Mason wrote:

> Hello,
>
> I'm trying to configure the firewall on a client to allow that client
> to mount an nfs directory. The client runs a netfilter firewall, the
> server uses tcpwrapper.

http://marc.info/?l=gentoo-user&m=120546886304830&w=2
--
gentoo-user@lists.gentoo.org mailing list
 
04-11-2008, 10:26 PM
Hamie

NFS through a firewall

On Friday 11 April 2008 13:49:11 Roger Mason wrote:
> Hello,
>
> I'm trying to configure the firewall on a client to allow that client
> to mount an nfs directory. The client runs a netfilter firewall, the
> server uses tcpwrapper.

[deleted]

>
> If I drop the client firewall the mount succeeds.
>
> Can someone help me figure out what must be put in my iptables script
> to get this to work?
>

Do you have the option to run nfsv4? It uses only port tcp-2049. That way you
don't need portmapper (port 111), lockmgr, status, or mountd.

Hamish.
 
04-12-2008, 01:08 AM
Dan Farrell

NFS through a firewall

On Fri, 11 Apr 2008 11:19:11 -0230
Roger Mason <rmason@esd.mun.ca> wrote:

> Hello,
>
> I'm trying to configure the firewall on a client to allow that client
> to mount an nfs directory. The client runs a netfilter firewall, the
> server uses tcpwrapper.
>
> rpcinfo -p on the server shows:
>
> beryl rmason # rpcinfo -p
> program vers proto port
> 100000 2 tcp 111 portmapper
> 100000 2 udp 111 portmapper
> 100024 1 udp 32765 status
> 100024 1 tcp 32765 status
> 100003 2 udp 2049 nfs
> 100003 3 udp 2049 nfs
> 100003 2 tcp 2049 nfs
> 100003 3 tcp 2049 nfs
> 100021 1 udp 4001 nlockmgr
> 100021 3 udp 4001 nlockmgr
> 100021 4 udp 4001 nlockmgr
> 100021 1 tcp 4001 nlockmgr
> 100021 3 tcp 4001 nlockmgr
> 100021 4 tcp 4001 nlockmgr
> 100005 1 udp 32767 mountd
> 100005 1 tcp 32767 mountd
> 100005 2 udp 32767 mountd
> 100005 2 tcp 32767 mountd
> 100005 3 udp 32767 mountd
> 100005 3 tcp 32767 mountd
>
> When I try to mount the exported directory when the firewall is
> running I get a timeout:
>
> minnie ~ $ mount -v Help/
> mount: trying 134.153.37.5 prog 100003 vers 3 prot tcp port 2049
> mount: trying 134.153.37.5 prog 100005 vers 3 prot udp port 32767
> mount: mount to NFS server 'beryl.esd.mun.ca' failed: timed out
> (retrying).
>
> If I drop the client firewall the mount succeeds.
>
> Can someone help me figure out what must be put in my iptables script
> to get this to work?

Accept all incoming and outgoing connections on the client that
originate from or go to the server. It would look something like this:

iptables -I INPUT -s 134.153.37.55 -j ACCEPT
iptables -I INPUT -s 134.153.37.55 -j ACCEPT

now make sure those will work with your config before just blindly
setting them up!

Best of luck! Hope it works.

-- Dan
--
gentoo-user@lists.gentoo.org mailing list
 
04-14-2008, 12:52 PM
Roger Mason

NFS through a firewall

Hello,

Dan Farrell <dan@spore.ath.cx> writes:

> On Fri, 11 Apr 2008 11:19:11 -0230
> Roger Mason <rmason@esd.mun.ca> wrote:
>
>> Hello,
>>
>> I'm trying to configure the firewall on a client to allow that client
>> to mount an nfs directory. The client runs a netfilter firewall, the
>> server uses tcpwrapper.
>>
>> Can someone help me figure out what must be put in my iptables script
>> to get this to work?

[snip]

>
> Accept all incoming and outgoing connections on the client that
> originate from or go to the server. It would look something like this:
>
> iptables -I INPUT -s 134.153.37.55 -j ACCEPT
> iptables -I INPUT -s 134.153.37.55 -j ACCEPT
>
> now make sure those will work with your config before just blindly
> setting them up!

Thank you, this works:

> iptables -I INPUT -s 134.153.37.55 -j ACCEPT
> iptables -I OUTPUT -s 134.153.37.55 -j ACCEPT

Many thanks to all who replied.

Roger
--
gentoo-user@lists.gentoo.org mailing list
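
An added example, not part of any poster's message: instead of accepting all traffic from the server, this turns the `rpcinfo -p` listing quoted in the thread into per-service client rules, with the NFSv4 case (tcp/2049 only) as an option. The helper name `nfs_client_rules` and the address 192.0.2.10 are placeholders, and it assumes the server's status, nlockmgr and mountd ports are pinned as they appear in that listing.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_RPCINFO is a constructed,
# trimmed copy of the `rpcinfo -p` listing quoted above.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    4   udp   4001  nlockmgr
    100021    4   tcp   4001  nlockmgr
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd'

# nfs_client_rules SERVER_IP [v3|v4]   (hypothetical helper name)
# v3: reads `rpcinfo -p` output on stdin; v4: ignores stdin.
# Prints iptables commands for review; it does not apply them.
nfs_client_rules() {
    server=$1
    mode=${2:-v3}
    if [ "$mode" = v4 ]; then
        # NFSv4 multiplexes everything over tcp/2049.
        echo "tcp 2049"
    else
        # One "proto port" pair per RPC service an NFSv3 mount talks to.
        awk '$1 ~ /^[0-9]+$/ && $3 ~ /^(tcp|udp)$/ &&
             $5 ~ /^(portmapper|status|nfs|nlockmgr|mountd)$/ { print $3, $4 }' |
            sort -u
    fi | while read -r proto port; do
        # Outbound: the server is the destination, so match with -d.
        echo "iptables -A OUTPUT -d $server -p $proto --dport $port -j ACCEPT"
        # Inbound: only replies on flows the client opened.
        echo "iptables -A INPUT -s $server -p $proto --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    done
}

# 192.0.2.10 is a documentation placeholder, not the server from the thread.
printf '%s\n' "$SAMPLE_RPCINFO" | nfs_client_rules 192.0.2.10
```

With NFSv3, blocking-lock callbacks and statd reboot notifications are initiated by the server toward the client's own nlockmgr and status ports, which these rules do not open.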
 
04-14-2008, 12:54 PM
Roger Mason

NFS through a firewall

Hamie <hamish@travellingkiwi.com> writes:

> On Friday 11 April 2008 13:49:11 Roger Mason wrote:
>> Hello,
>>
>> I'm trying to configure the firewall on a client to allow that client
>> to mount an nfs directory. The client runs a netfilter firewall, the
>> server uses tcpwrapper.
>
> Do you have the option to run nfsv4? It uses only port tcp-2049. That way you
> don't need portmapper (port 111), lockmgr, status, or mountd.

Not at the moment: the server is running a very old (obsolete)
profile, so it is hard to update. A complete rebuild is on my agenda,
but I won't get to it for a few weeks.

It looks like a good solution though.

Cheers,
Roger
--
gentoo-user@lists.gentoo.org mailing list
 
04-28-2008, 10:49 AM
Enrico Weigelt

NFS through a firewall

* Etaoin Shrdlu <shrdlu@unlimitedmail.org> wrote:
> On Friday 11 April 2008, 15:49, Roger Mason wrote:
>
> > Hello,
> >
> > I'm trying to configure the firewall on a client to allow that client
> > to mount an nfs directory. The client runs a netfilter firewall, the
> > server uses tcpwrapper.
>
> http://marc.info/?l=gentoo-user&m=120546886304830&w=2

BTW: if you don't actually *need* NFS, but just some network
filesystem, you might want to try 9P.


cu
--
---------------------------------------------------------------------
Enrico Weigelt == metux IT service - http://www.metux.de/
---------------------------------------------------------------------
Please visit the OpenSource QM Taskforce:
http://wiki.metux.de/public/OpenSource_QM_Taskforce
Patches / Fixes for a lot dozens of packages in dozens of versions:
http://patches.metux.de/
---------------------------------------------------------------------
--
gentoo-user@lists.gentoo.org mailing list
 
04-28-2008, 12:14 PM
Roger Mason

NFS through a firewall

Enrico Weigelt <weigelt@metux.de> writes:

>
> BTW: if you don't actually *need* NFS, but just some network
> filesystem, you might want to try 9P.

I finally got this solved with some help from this list.

Your comment about the 9P filesystem is interesting as I'm somewhat
interested in an operating system for a cluster, and the 9P operating
system, from what I've read, was designed as a distributed system from
the start. It is a pity there seems to have been so little software
ported to run on it. I've also played a little with xcpu
(http://xcpu.org/) and may install that in the summer.

Cheers,
Roger
--
gentoo-user@lists.gentoo.org mailing list
 

All times are GMT.