Mailing List Archive



Re: [tlug] Firewall versus NFS



Patrick, Stephen,

Thank you for responding.

Stephen J. Turnbull wrote:
> Set up a rule to log attempts to connect from *any* to *any*
> originating at the client machine (192.168.0.3, is that right?) and
> find out what it's doing.

I think that Patrick might be right about the changing ports. I watched the events log in the Firestarter interface as Stephen suggested, and when I attempted to connect to the server from another machine, it said it blocked a connection from port 980.

And then I saw in other attempts that it said it blocked attempts on ports 979, 976, 964... Seemingly within a tight range of numbers. But I don't know if I can be sure it will always stay in that range.

So I checked on the net about this, and I saw this page:
http://gentoo-wiki.com/HOWTO_Share_Directories_via_NFS

Seems to indicate that I can constrain the ports used by NFS by editing /etc/conf.d/nfs and putting this in there:

# Number of servers to be started up by default
RPCNFSDCOUNT=8
# Options to pass to rpc.mountd
# ex. RPCMOUNTDOPTS="-p 32767"
RPCMOUNTDOPTS="-p 4002"
# Options to pass to rpc.statd
# ex. RPCSTATDOPTS="-p 32765 -o 32766"
RPCSTATDOPTS="-p 4000"

And then there are some options after that which I don't understand, because they involve a rather detailed list of "if your system is this then do that, but if your system is that then do this" type of instructions.

And these instructions are for Gentoo, so I want to be sure they are universal before I apply them.

What do you guys think?

--
Dave M G
Ubuntu 7.04 Feisty Fawn
Kernel 2.6.20-15-generic
Pentium D Dual Core Processor
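
Added example, not part of the original post: a shell check that reads `rpcinfo -p` output and reports whether each registered RPC service sits on the port the firewall rules expect, using the 4002 (rpc.mountd) and 4000 (rpc.statd) values from the config quoted above. The `rpcinfo -p` sample is constructed, and the names `EXPECTED`, `sample_rpcinfo` and `check_rpc_ports` are hypothetical.

```shell
#!/bin/sh
# Expected ports: 111 (portmapper) and 2049 (nfs) are the standard ports;
# 4002 (mountd) and 4000 (status, i.e. rpc.statd) are the values from the post.
EXPECTED="portmapper=111 nfs=2049 mountd=4002 status=4000"

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   4000  status
    100024    1   tcp   4000  status
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    3   udp  32768  nlockmgr
    100021    3   tcp  41873  nlockmgr
    100005    3   udp   4002  mountd
    100005    3   tcp   4002  mountd
EOF
}

# Read `rpcinfo -p` output on stdin and print "STATE service proto port":
#   PINNED   = on the expected port, MOVED = known service on another port,
#   UNPINNED = service with no expected port (a firewall rule cannot match it).
check_rpc_ports() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
        }
        $1 == "program" { next }                  # skip the header line
        NF >= 5 {
            svc = $5; proto = $3; port = $4
            if (seen[svc "/" proto "/" port]++) next   # one line per port, not per version
            if (!(svc in want))         state = "UNPINNED"
            else if (want[svc] == port) state = "PINNED"
            else                        state = "MOVED"
            print state, svc, proto, port
        }'
}

# On a live server: rpcinfo -p | check_rpc_ports
sample_rpcinfo | check_rpc_ports
```

Any line that is not PINNED is a port the firewall rules will not match after the next restart of that service.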

