[fw-wiz] Configuring firewall with nfs - problem!

From: Johan Glimming (glimming_at_nada.kth.se)
Date: 05/19/03

  • Next message: TSimons_at_Delphi-Tech.com: "[fw-wiz] FYI: PIX v6.3(1) fixed ISAKMP Renegotiation Problems" 
    To: firewall-wizards@honor.icsalabs.com
Date: Mon, 19 May 2003 14:12:46 +0200 (CEST)

    Dear All,

    I have a problem with my Redhat 9 installation. I am trying to enable NFS
    but the respective ports are rejected. This is the contents of my
    /etc/sysconfig/iptables, i.e. the firewall rules:

    # Enable NFS, Webb, FTP, SSH for sputnik
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Lokkit-0-50-INPUT - [0:0]
    -A INPUT -j RH-Lokkit-0-50-INPUT
    -A FORWARD -j RH-Lokkit-0-50-INPUT

    # NFS rules
    -A INPUT -f -j ACCEPT -s 192.168.0.5
    -A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 32765:32768 -j ACCEPT
    -A INPUT -s 192.168.0.5 -p udp -m udp -d 0/0 --dport 32765:32768 -i eth0 -j ACCEPT
    -A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 2049 -j ACCEPT
    -A INPUT -s 192.168.0.5 -p udp -m udp -d 0/0 --dport 2049 -i eth0 -j ACCEPT
    -A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 111 -j ACCEPT
    -A INPUT -s 192.168.0.5 -p udp -m udp --dport 111 -j ACCEPT

    # Other rules
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 10.0.0.1 --sport 53 -d 0/0 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 10.0.0.2 --sport 53 -d 0/0 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
    COMMIT

    As you see, the server is 192.168.0.4 and the client is 192.168.0.5. I
    want to set up rules such that only the client 192.168.0.5 can access NFS
    in my 192.168.0.4 server, hence the -s parameters.

    I appreciate some help,
    Johan

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: TSimons_at_Delphi-Tech.com: "[fw-wiz] FYI: PIX v6.3(1) fixed ISAKMP Renegotiation Problems"

    Relevant Pages

    • Re: NFS with Windows 2003 Server
      ... >> Please let me know of to enable NFS on a Windows 2003 Server to allow ... >> UNIX hosts to access to the server hard disk. ... > file sharing capabilities of your Windows 2003 server. ...
      (comp.os.linux.networking)
    • Re: NFS with Windows 2003 Server
      ... > Please let me know of to enable NFS on a Windows 2003 Server to allow ... > UNIX hosts to access to the server hard disk. ... Ask on a Windows related newsgroup. ...
      (comp.os.linux.networking)
    • RE: serial ports?
      ... including the client file system, smart cards, audio, serial ... ports, printers, and the clipboard. ... terminal services only can redirect the serial ports to the Terminal ... redirected to the Terminal Server. ...
      (microsoft.public.windows.terminal_services)
    • Re: Exchange ports through firewall?
      ... I take there are too many ports to open if we use the full client method? ... in this case if you want to provide clients RPC/MAPI access across a firewall, you can restrict clients and server to a narrower range of ports, or alternatively open a lot more ports on the firewall. ...
      (microsoft.public.exchange.admin)
    • Re: Microsoft FTP and Linksys BEFSR41 (okay, Kerio 2.1.5 also)
      ... configure PASV on your server, and ask people to use PASV ... If the client has a router which isnt well implemented for FTP ... it will drop incoming connections on high ports ...
      (comp.security.firewalls)