Hi,
For information, there is an interesting way to use iptables/ipchains on
systems running NFS.
The idea is to configure NFS in order to prevent the use of random ports
as much as possible, and then to apply the relevant firewall rules.
For instance, you can find information here:
http://www.lowth.com/LinWiz/nfs_help.html
I hope this will help,
Romain.
On Tue, 2005-01-04 at 17:59 +0000, Dimitris Zilaskos wrote:
> Santanu Das wrote:
>
> > Hi,
>
> Hello and a happy new year!
> >
> > I'm getting a serious trouble with NFS mount. '/opt/local/lonux/7.3'
> of
> ^^^^^^^^
> You
> mean linux here I guess
>
> >
> > [root@serv05 root]# ipchains -L
> > Chain input (policy ACCEPT):
> n/a
> > REJECT tcp -y---- anywhere anywhere
> any
> > -> 0:1023
> > REJECT udp ------ anywhere anywhere
> any
> > -> 0:1023
>
>
> This two lines are the cause of your problem. You are blocking tcp
> and
> udp connections on ports <1024 apart from ssh and httpd but nfs and
> portmapper use ports in that range both tcp and udp . It is not that
> simple to block lower ports if you want to use NFS. I suggest
> allowing
> full access for your cluster`s ip ranges to the lcfgng server.
>
> Best regards,
>
>
> --
>
===========================================================================
=
>
> Dimitris Zilaskos
>
> Department of Physics @ Aristotle Univercity of Thessaloniki , Greece
> PGP key : http://tassadar.physics.auth.gr/~dzila/pgp_public_key.asc
> http://egnatia.ee.auth.gr/~dzila/pgp_public_key.asc
> MD5sum : de2bd8f73d545f0e4caf3096894ad83f pgp_public_key.asc
>
===========================================================================
=
>
--
Romain Wartel
CCLRC Rutherford Appleton Laboratory
e-Science Centre
Chilton, Didcot, OXON, OX11 0QX, UK
[log in to unmask]
|