[ale] NFS and ipchains

Robert Heaven robertheaven at mediaone.net
Wed Jan 23 18:17:04 EST 2002


I believe there is a way you can do what you want in the /etc/exports 
file... try man nfs


gene wrote:

>OK, I guess I need to learn ipchains instead of floundering around
>every time I need to mess with it but, in the meantime ;-), I sure could
>use some suggestions on getting the right rules in
>/etc/sysconfig/ipchains (Red Hat 7.1) to allow an NFS mount.
>
>Ideally, I want to allow only the specific client (192.168.1.13) to
>mount a f/s from the server (192.168.1.12).  The rules I was playing
>with below, I was first just trying to limit it to a given network.
>
>The nfs server (Red Hat 7.1, 192.168.1.12) has the following rules:
>
>
>[root at server]# ipchains -L
>Chain input (policy ACCEPT):
>target   prot opt     source       destination           ports
>ACCEPT   tcp  -y----  192.168.1.0/24 192.168.1.0/24        any ->   nfs
>ACCEPT   udp  ------  192.168.1.0/24 192.168.1.0/24        any ->   nfs
>ACCEPT   tcp  -y----  anywhere     anywhere              any ->   ssh
>ACCEPT   tcp  -y----  anywhere     anywhere              any ->   http
>ACCEPT   tcp  -y----  anywhere     anywhere              any ->   8082
>ACCEPT   all  ------  anywhere     anywhere              n/a
>ACCEPT   all  ------  anywhere     anywhere              n/a
>REJECT   tcp  -y----  anywhere     anywhere              any ->   0:1023
>REJECT   udp  ------  anywhere     anywhere              any ->   0:1023
>REJECT   tcp  -y----  anywhere     anywhere              any -> x11:6009
>REJECT   tcp  -y----  anywhere     anywhere              any ->   xfs
>Chain forward (policy ACCEPT):
>Chain output (policy ACCEPT):
>
>
>
>
>The nfs client (a solaris 8 box, 192.168.1.13) can mount /media just
>fine if I shut down ipchains on the nfs server.  With the above rules in
>place I get:
>
>{root at client}# mount -r server:/media /backup/media
>nfs mount: server: : RPC: Rpcbind failure - RPC: Unable to receive
>nfs mount: retrying: /backup/media
>
>
>
>Anyone want to suggest a rule that will work?
>
>Thanks,
>
>
>Gene
>
>
>
>---
>This message has been sent through the ALE general discussion list.
>See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
>sent to listmaster at ale dot org.
>
>



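Added example, not part of the original thread: a first-match evaluation of the posted `ipchains -L` listing for the client's packets, showing that NFS (port 2049) is accepted while rpcbind (port 111, the service named in the mount error) falls in the rejected 0:1023 range. It assumes the two "ACCEPT all" rules are interface-bound (plain `-L` does not print the interface) and uses the standard port numbers for the service names; `parse` and `verdict` are names chosen here.

```python
import ipaddress

# Service names that appear in the listing (standard /etc/services numbers).
SERVICES = {"nfs": 2049, "ssh": 22, "http": 80, "x11": 6000, "xfs": 7100}

# Rules copied from the posted `ipchains -L` output. The two "ACCEPT all"
# lines are omitted: ASSUMPTION that they are bound to interfaces (e.g. lo)
# which plain -L does not show; otherwise no packet would reach a REJECT.
LISTING = """\
ACCEPT   tcp  -y----  192.168.1.0/24 192.168.1.0/24        any ->   nfs
ACCEPT   udp  ------  192.168.1.0/24 192.168.1.0/24        any ->   nfs
ACCEPT   tcp  -y----  anywhere     anywhere              any ->   ssh
ACCEPT   tcp  -y----  anywhere     anywhere              any ->   http
ACCEPT   tcp  -y----  anywhere     anywhere              any ->   8082
REJECT   tcp  -y----  anywhere     anywhere              any ->   0:1023
REJECT   udp  ------  anywhere     anywhere              any ->   0:1023
REJECT   tcp  -y----  anywhere     anywhere              any -> x11:6009
REJECT   tcp  -y----  anywhere     anywhere              any ->   xfs
"""

def parse(listing):
    """Turn each listing line into (target, proto, syn_only, src, dst, lo, hi)."""
    rules = []
    for line in listing.splitlines():
        target, proto, opt, src, dst, _, _, ports = line.split()
        lo, _, hi = ports.partition(":")
        lo, hi = (SERVICES.get(p) or int(p) for p in (lo, hi or lo))
        snet, dnet = (ipaddress.ip_network("0.0.0.0/0" if a == "anywhere" else a)
                      for a in (src, dst))
        rules.append((target, proto, "y" in opt, snet, dnet, lo, hi))
    return rules

def verdict(rules, proto, src, dst, dport, syn=True):
    """First matching rule wins; the input chain policy is ACCEPT."""
    for target, rproto, syn_only, snet, dnet, lo, hi in rules:
        if (rproto == proto and (syn or not syn_only)
                and ipaddress.ip_address(src) in snet
                and ipaddress.ip_address(dst) in dnet
                and lo <= dport <= hi):
            return target
    return "ACCEPT"

if __name__ == "__main__":
    rules = parse(LISTING)
    client, server = "192.168.1.13", "192.168.1.12"
    for name, proto, port in [("nfs", "udp", 2049), ("rpcbind", "udp", 111),
                              ("rpcbind", "tcp", 111)]:
        print(f"{name:8} {proto}/{port}: {verdict(rules, proto, client, server, port)}")
```

The mount daemon is also located through rpcbind and listens on its own port, so a rule set that admits only 2049 from 192.168.1.13 still needs entries for port 111 and for whatever port mountd is using.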