Mailing List Archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Firewall versus NFS

Stephen J. Turnbull wrote:
Dave M G writes:

> But it has become apparent that when my firewall is on, the server won't > allow me to connect.

It could be a syntax error, but the syntax you're using is very
standard, and I would be surprised if Firestarter didn't accept it.

IIRC NFS can use either TCP ("reliable stream") or UDP ("message in a
bottle") to connect.  Have you opened both TCP and UDP for portmap
(111) and nfs (2049)?

It's possible that the client is trying to connect to other ports for
some reason.  Or possibly you have some rules stopping outgoing
packets.  Set up a rule to log attempts to connect from *any* to *any*
originating at the client machine (, is that right?) and
find out what it's doing.
I believe this last point is probably true, esp with the portmapper involved. The portmapper listens on 111 and then tells the client what port to connect to for the service it is asking for. There really isn't a good way that I know of to firewall off a NFS server (most of my firewall experience is on the perimeter). However, a flex type rule might work. In the past I have used Arno's Firewall script, it might work for you


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links