[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Is there a NFS alternative?



On Thu, 2007-02-08 at 20:31 +0200, Gilboa Davara wrote:
> On Wed, 2007-02-07 at 14:52 -0600, Arthur Pemberton wrote:
> > On 2/7/07, Daniel Yek <dyek real com> wrote:
> > > At 12:44 PM 2/7/2007, Arthur Pemberton wrote:
> > > >On 2/7/07, Daniel Yek <dyek real com> wrote:
> > > >>Hi,
> > > >>
> > > >>It was a while ago when I read that NFS was difficult to secure with (the
> > > >>use of) ssh and iptables (or something like that).
> > > >>
> > > >>I really needed an alternative that works and can be made secure. Is GFS a
> > > >>suitable replacement for NFS? If not, what is the closest thing to NFS?
> > > >>
> > > >>Thanks.
> > > >
> > > >Subdue NFS to use only one port, firewall all other ports
> > > >off....possible filter the NFS port too?
> > >
> > > Thanks for replying.
> > >
> > > That is what I read and I was looking for an alternative to that. Is there
> > > other solution? Or this is the best available solution already?
> > 
> > Well, if you can suggest how the solution could be made better, I or
> > others can maybe suggest how to implement it.
> > 
> > The only other thing i can thing of is have port mapper interface with
> > iptables in a plug and play type firewall way (or however Windows
> > refers to it)
> > 
> 
> No need to.
> Just configure the ports in /etc/sysconfig/nfs and open a hole for them.
> E.g:
> #
> # /etc/sysconfig/nfs
> #
> # mountd	2050/tcp
> # mountd	2050/udp
> MOUNTD_PORT=2050
> 
> # rquotad	2051/tcp
> # rquotad	2051/udp
> RQUOTAD_PORT=2051
> 
> # nlockmgr	2052/tcp
> # nlockmgr	2052/udp
> LOCKD_TCPPORT=2052
> LOCKD_UDPPORT=2052
> 
> # status	2053/tcp
> # status	2053/udp
> STATD_PORT=2053
> STATD_OUTGOING_PORT=2054
> 
> - Gilboa

Forgot to add.
You can then use SSH port redirection (ssh -L)  to access these ports
over a secure connection.

- Gilboa


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]