[ale] IPChains, IPTables, aargh...

Charles Marcus CharlesM at Media-Brokers.com
Wed Jan 23 18:10:08 EST 2002


Anybody tried out EasyTables yet?  It's an IPTables rules builder with a GUI.

http://freshmeat.net/projects/easytables/

> -----Original Message-----
> From: gene [mailto:gene at mmc-inc.com]
> Sent: Wednesday, January 23, 2002 5:34 PM
> To: ale at ale.org
> Subject: [ale] NFS and ipchains
> 
> 
> OK, I guess I need to learn ipchains instead of floundering around
> every time I need to mess with it but, in the meantime ;-), I sure could
> use some suggestions on getting the right rules in
> /etc/sysconfig/ipchains (Red Hat 7.1) to allow an NFS mount.
> 
> Ideally, I want to allow only the specific client (192.168.1.13) to
> mount a f/s from the server (192.168.1.12).  The rules I was playing
> with below, I was first just trying to limit it to a given network.
> 
> The nfs server (Red Hat 7.1, 192.168.1.12) has the following rules:
> 
> 
> [root at server]# ipchains -L
> Chain input (policy ACCEPT):
> target   prot opt     source       destination           ports
> ACCEPT   tcp  -y----  192.168.1.0/24 192.168.1.0/24        any ->   nfs
> ACCEPT   udp  ------  192.168.1.0/24 192.168.1.0/24        any ->   nfs
> ACCEPT   tcp  -y----  anywhere     anywhere              any ->   ssh
> ACCEPT   tcp  -y----  anywhere     anywhere              any ->   http
> ACCEPT   tcp  -y----  anywhere     anywhere              any ->   8082
> ACCEPT   all  ------  anywhere     anywhere              n/a
> ACCEPT   all  ------  anywhere     anywhere              n/a
> REJECT   tcp  -y----  anywhere     anywhere              any ->   0:1023
> REJECT   udp  ------  anywhere     anywhere              any ->   0:1023
> REJECT   tcp  -y----  anywhere     anywhere              any -> x11:6009
> REJECT   tcp  -y----  anywhere     anywhere              any ->   xfs
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
> 
> 
> 
> 
> The nfs client (a solaris 8 box, 192.168.1.13) can mount /media just
> fine if I shut down ipchains on the nfs server.  With the above rules in
> place I get:
> 
> {root at client}# mount -r server:/media /backup/media
> nfs mount: server: : RPC: Rpcbind failure - RPC: Unable to receive
> nfs mount: retrying: /backup/media
> 
> 
> 
> Anyone want to suggest a rule that will work?
> 
> Thanks,
> 
> 
> Gene
> 
> 
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.
> 
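
Added example (not part of either poster's message): a first-match walk over the input chain quoted above, showing which rule a request to rpcbind (port 111, the service named in the mount error) hits, and the effect of an ACCEPT for the one client placed ahead of the REJECT rules. Assumptions: the two "ACCEPT all" rules are bound to other interfaces (`ipchains -L` without `-v` does not print the interface), service names use their usual /etc/services ports, and `verdict` and `with_rpcbind_allowed` are hypothetical helper names.

```python
import ipaddress

# Rules transcribed from the `ipchains -L` listing in the quoted message.
# Fields: target, proto, syn_only (-y), source, destination, (low, high) dest ports.
# Assumption: the two "ACCEPT all" rules are interface-bound (e.g. lo) and do not
# match the client's traffic, so they are omitted here.
ANY = "0.0.0.0/0"
LAN = "192.168.1.0/24"
RULES = [
    ("ACCEPT", "tcp", True,  LAN, LAN, (2049, 2049)),   # nfs
    ("ACCEPT", "udp", False, LAN, LAN, (2049, 2049)),   # nfs
    ("ACCEPT", "tcp", True,  ANY, ANY, (22, 22)),       # ssh
    ("ACCEPT", "tcp", True,  ANY, ANY, (80, 80)),       # http
    ("ACCEPT", "tcp", True,  ANY, ANY, (8082, 8082)),
    ("REJECT", "tcp", True,  ANY, ANY, (0, 1023)),
    ("REJECT", "udp", False, ANY, ANY, (0, 1023)),
    ("REJECT", "tcp", True,  ANY, ANY, (6000, 6009)),   # x11:6009
    ("REJECT", "tcp", True,  ANY, ANY, (7100, 7100)),   # xfs
]
POLICY = "ACCEPT"  # "Chain input (policy ACCEPT)"


def verdict(rules, proto, src, dst, dport, syn=False):
    """Return (target, rule_index) of the first matching rule, else (POLICY, None)."""
    for i, (target, rproto, syn_only, rsrc, rdst, (lo, hi)) in enumerate(rules):
        if rproto != proto:
            continue
        if syn_only and not syn:  # -y matches only TCP connection requests
            continue
        if ipaddress.ip_address(src) not in ipaddress.ip_network(rsrc):
            continue
        if ipaddress.ip_address(dst) not in ipaddress.ip_network(rdst):
            continue
        if lo <= dport <= hi:
            return target, i
    return POLICY, None


def with_rpcbind_allowed(rules, client="192.168.1.13/32", server="192.168.1.12/32"):
    """Prepend ACCEPTs for the one client to port 111, ahead of the REJECT rules."""
    allow = [("ACCEPT", "udp", False, client, server, (111, 111)),
             ("ACCEPT", "tcp", True,  client, server, (111, 111))]
    return allow + rules


if __name__ == "__main__":
    c, s = "192.168.1.13", "192.168.1.12"
    print("rpcbind/udp, rules as listed:", verdict(RULES, "udp", c, s, 111))
    print("rpcbind/udp, client allowed :", verdict(with_rpcbind_allowed(RULES), "udp", c, s, 111))
```

The same walk applies to any other RPC service the mount needs; `rpcinfo -p` on the server lists the ports those services registered.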


