Mailing List Archive



Re: [tlug] Firewall versus NFS



Stephen J. Turnbull wrote:
Dave M G writes:

> But it has become apparent that when my firewall is on, the server won't
> allow me to connect.

It could be a syntax error, but the syntax you're using is very
standard, and I would be surprised if Firestarter didn't accept it.

IIRC NFS can use either TCP ("reliable stream") or UDP ("message in a
bottle") to connect.  Have you opened both TCP and UDP for portmap
(111) and nfs (2049)?

It's possible that the client is trying to connect to other ports for
some reason.  Or possibly you have some rules stopping outgoing
packets.  Set up a rule to log attempts to connect from *any* to *any*
originating at the client machine (192.168.0.3, is that right?) and
find out what it's doing.

I believe this last point is probably true, especially with the portmapper involved. The portmapper listens on 111 and then tells the client what port to connect to for the service it is asking for. There really isn't a good way that I know of to firewall off an NFS server (most of my firewall experience is on the perimeter). However, a flex type rule might work. In the past I have used Arno's Firewall script; it might work for you: http://rocky.eld.leidenuniv.nl

Pat
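
Added example, not part of the original messages: a check of which portmapper-registered services sit on ports the firewall has not opened, using `rpcinfo -p`-style output. The sample output, the port numbers other than 111 and 2049, and the function name `blocked_rpc_ports` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p <server>` output (not from the thread).
# mountd, nlockmgr and status get their ports from the portmapper at start-up,
# so they change between boots unless the daemons are pinned to fixed ports.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   tcp  40123  mountd
    100005    3   tcp  40123  mountd
    100005    3   udp  38765  mountd
    100021    4   tcp  45678  nlockmgr
    100021    4   udp  51234  nlockmgr
    100024    1   tcp  33445  status
    100024    1   udp  33446  status'

# Ports already opened in the firewall, as proto/port (the two from the thread).
ALLOWED='tcp/111 udp/111 tcp/2049 udp/2049'

# blocked_rpc_ports RPCINFO_TEXT ALLOWED_LIST   (hypothetical helper)
# Prints one "proto/port service" line for each registered RPC service whose
# port is missing from the allowed list; repeated version rows are collapsed.
blocked_rpc_ports() {
    printf '%s\n' "$1" | awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^[0-9]+$/ && NF >= 5 {          # skip the header line
            key = $3 "/" $4
            if (!(key in ok) && !seen[key]++) print key, $5
        }' | LC_ALL=C sort
}

# On a live system the first argument would be "$(rpcinfo -p 192.168.0.x)".
blocked_rpc_ports "$SAMPLE_RPCINFO" "$ALLOWED"
```

Every line it prints is a service the client is told to contact but the firewall still drops, which is the behaviour the logging rule suggested above would reveal.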

