[fw-wiz] Configuring firewall with nfs - problem!

From: Johan Glimming (glimming_at_nada.kth.se)
Date: 05/19/03

    To: firewall-wizards@honor.icsalabs.com
    Date: Mon, 19 May 2003 14:12:46 +0200 (CEST)
    

    Dear All,

    I have a problem with my Redhat 9 installation. I am trying to enable NFS
    but the respective ports are rejected. This is the contents of my
    /etc/sysconfig/iptables, i.e. the firewall rules:

    # Enable NFS, Web, FTP, SSH for sputnik
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Lokkit-0-50-INPUT - [0:0]
    -A INPUT -j RH-Lokkit-0-50-INPUT
    -A FORWARD -j RH-Lokkit-0-50-INPUT

    # NFS rules
    -A INPUT -f -j ACCEPT -s 192.168.0.5
    -A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 32765:32768 -j ACCEPT
    -A INPUT -s 192.168.0.5 -p udp -m udp -d 0/0 --dport 32765:32768 -i eth0 -j ACCEPT
    -A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 2049 -j ACCEPT
    -A INPUT -s 192.168.0.5 -p udp -m udp -d 0/0 --dport 2049 -i eth0 -j ACCEPT
    -A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 111 -j ACCEPT
    -A INPUT -s 192.168.0.5 -p udp -m udp --dport 111 -j ACCEPT

    # Other rules
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 10.0.0.1 --sport 53 -d 0/0 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 10.0.0.2 --sport 53 -d 0/0 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
    COMMIT

    As you see, the server is 192.168.0.4 and the client is 192.168.0.5. I
    want to set up rules such that only the client 192.168.0.5 can access NFS
    in my 192.168.0.4 server, hence the -s parameters.

    I would appreciate some help,
    Johan

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
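The ordering problem in the ruleset above can be caught mechanically: the NFS rules are appended to INPUT after the unconditional jump into RH-Lokkit-0-50-INPUT, and that chain ends with a REJECT of every TCP SYN and every UDP packet, so the NFS ACCEPT rules are never consulted. The script below is an added example, not code from the original post or from Red Hat's lokkit; it parses an iptables-save dump and reports ACCEPT rules that sit behind a bare jump into a chain with a catch-all REJECT/DROP for their protocol. The embedded dump is a constructed abbreviation of the one in the mail.

```python
import shlex

WITH_ARG = {"-p", "-j", "-m", "-s", "-d", "-i", "-o", "--dport", "--sport"}
# Matches that narrow a rule. --syn is deliberately absent: rejecting every
# SYN still blocks every new TCP connection, so it is a catch-all in effect.
NARROWING = {"-s", "-d", "-i", "-o", "--dport", "--sport", "-f"}

def parse(text):
    """Return {chain: [rule, ...]} in file order; each rule is a small dict."""
    chains = {}
    for line in text.splitlines():
        if not line.startswith("-A "): continue
        tok = shlex.split(line)
        rule = {"raw": line, "proto": None, "target": None, "narrow": False}
        i = 2
        while i < len(tok):
            opt = tok[i]
            if opt == "-p":
                rule["proto"] = tok[i + 1]
            elif opt == "-j":
                rule["target"] = tok[i + 1]
            elif opt in NARROWING:
                rule["narrow"] = True
            i += 2 if opt in WITH_ARG else 1
        chains.setdefault(tok[1], []).append(rule)
    return chains

def rejected_outright(rules):
    """Protocols a chain hits with a catch-all REJECT/DROP ('all' = any)."""
    return {r["proto"] or "all" for r in rules
            if r["target"] in ("REJECT", "DROP") and not r["narrow"]}

def shadowed_rules(text):
    """ACCEPT rules sitting after a bare jump to a chain that rejects their protocol."""
    chains, found = parse(text), []
    for rules in chains.values():
        blocked = set()
        for r in rules:
            if r["target"] in chains and not r["narrow"] and r["proto"] is None:
                blocked |= rejected_outright(chains[r["target"]])
            elif r["target"] == "ACCEPT" and blocked & {r["proto"], "all"}:
                found.append(r["raw"])
    return found

# Constructed abbreviation of the dump in the mail: NFS accepts after the jump.
BROKEN = """\
-A INPUT -j RH-Lokkit-0-50-INPUT
-A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.0.5 -p udp -m udp -d 0/0 --dport 2049 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
"""
```

Running `shadowed_rules(BROKEN)` returns both NFS ACCEPT lines; moving them ahead of the `-j RH-Lokkit-0-50-INPUT` rule (or into that chain, above its REJECTs) makes the report empty.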
