
Re: Is there a NFS alternative?





On 2/8/07, Lamont Peterson <lamont gurulabs com> wrote:
> On Thursday 08 February 2007 03:09pm, Matthew Miller wrote:
> > On Wed, Feb 07, 2007 at 03:04:46PM -0700, Lamont Peterson wrote:
> > > AndrewFS or CodaFS.
> >
> >   ^^^^^^^
> >
> > No.
>
> :) Agreed.
>
> He asked *is* there an alternative, so I listed an alternative.
> --
Here is my iptables and nfs configuration.  We flirted with nfsv4; however, the supported feature matrix is pretty sparse.  For secure filesharing we are migrating to OpenAFS.

[ajn depweb ~]$ cat /etc/sysconfig/nfs
RPCNFSDCOUNT=35
STATD_PORT=10002
STATD_OUTGOING_PORT=10003
MOUNTD_PORT=10004
RQUOTAD_PORT=10005
[ajn depweb ~]$ sudo cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:NFS-INPUT - [0:0]
-A INPUT -j NFS-INPUT
-A FORWARD -j NFS-INPUT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
# Firewall rules for NFS with the following restrictions set in the nfs sysconfig:
# RPCNFSDCOUNT=25
# STATD_PORT=10002
# STATD_OUTGOING_PORT=10003
# MOUNTD_PORT=10004
# RQUOTAD_PORT=10005
#
-A NFS-INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A NFS-INPUT -p udp -m udp --dport 111 -j ACCEPT
-A NFS-INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A NFS-INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A NFS-INPUT -p tcp -m tcp --dport 10002:10005 -j ACCEPT
-A NFS-INPUT -p udp -m udp --dport 10002:10005 -j ACCEPT
#
COMMIT
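
An added example, not part of the original post: a small Python check that cross-references the ports pinned in /etc/sysconfig/nfs against the NFS-INPUT rules and lists every ACCEPT rule that has no -s source restriction. The function names and the embedded sample text (abridged from the files above) are constructed for illustration.

```python
import re

# Constructed sample input, abridged from the two files shown in the post.
SYSCONFIG = """\
RPCNFSDCOUNT=35
STATD_PORT=10002
STATD_OUTGOING_PORT=10003
MOUNTD_PORT=10004
RQUOTAD_PORT=10005
"""
RULES = """\
-A NFS-INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A NFS-INPUT -p udp -m udp --dport 111 -j ACCEPT
-A NFS-INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A NFS-INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A NFS-INPUT -p tcp -m tcp --dport 10002:10005 -j ACCEPT
-A NFS-INPUT -p udp -m udp --dport 10002:10005 -j ACCEPT
"""

def pinned_ports(sysconfig):
    """Inbound *_PORT values; STATD_OUTGOING_PORT is an outbound source port."""
    ports = {}
    for name, value in re.findall(r"^(\w+_PORT)=(\d+)\s*$", sysconfig, re.M):
        if name != "STATD_OUTGOING_PORT":
            ports[name] = int(value)
    return ports

def accept_rules(rules, chain="NFS-INPUT"):
    """Yield (proto, low, high, has_source) for each ACCEPT rule in the chain."""
    for line in rules.splitlines():
        tok = line.split()
        if (tok[:2] != ["-A", chain] or tok[-2:] != ["-j", "ACCEPT"]
                or not {"-p", "--dport"} <= set(tok)):
            continue
        lo, _, hi = tok[tok.index("--dport") + 1].partition(":")
        yield tok[tok.index("-p") + 1], int(lo), int(hi or lo), "-s" in tok

def audit(sysconfig, rules):
    """Return (uncovered pinned ports, ACCEPT ranges open to any source)."""
    accepted = list(accept_rules(rules))
    wanted = dict(pinned_ports(sysconfig), portmapper=111, nfsd=2049)
    uncovered = sorted((name, proto) for name, port in wanted.items()
                       for proto in ("tcp", "udp")
                       if not any(p == proto and lo <= port <= hi
                                  for p, lo, hi, _ in accepted))
    unrestricted = [(p, lo, hi) for p, lo, hi, src in accepted if not src]
    return uncovered, unrestricted

if __name__ == "__main__":
    print(audit(SYSCONFIG, RULES))
```

On the posted configuration every pinned port is covered for both protocols, and all six NFS-INPUT rules accept from any source address, so adding a -s match for the client network would narrow exposure.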

