Santanu Das wrote:
> Hi Romain and Dimitris,
>
> Many thanks for your reply; it's working now.
>
> But, I still need to allow the ports <1024 (as Dimitris suggested) to
> make it work even though I explicitly defined ports (as Romain
> suggests) for NFS to use.
> Am I doing something wrong?
>
> Cheers,
> Santanu

I can't say about that since I never tried it myself, but since you
have to allow most of the <1024 ports with daemons actually listening
on them for your cluster systems, I don't see how attempting to block
/allow only certain ports even for your cluster boxes has any value in
terms of security.

In my opinion, providing full access to your boxes on an IP basis and
blocking all others is more or less equivalent to specifically opening
all these ports. Furthermore, most lcfgng services obey rules in
/etc/hosts.allow, which provide a good line of defence against
unauthorised access attempts.

There are some good instructions for what you are trying to achieve at
http://nfs.sourceforge.net/nfs-howto/security.html#FIREWALLS

Best regards,
--
============================================================================
Dimitris Zilaskos
Department of Physics @ Aristotle University of Thessaloniki, Greece
PGP key : http://tassadar.physics.auth.gr/~dzila/pgp_public_key.asc
http://egnatia.ee.auth.gr/~dzila/pgp_public_key.asc
MD5sum : de2bd8f73d545f0e4caf3096894ad83f pgp_public_key.asc
============================================================================