NFS and denying access to subnets

Neil Marjoram n.marjoram at adastral.ucl.ac.uk
Thu Sep 29 14:30:42 UTC 2005


OK I've been trying for ages now but I just can't seem to get this into 
my head.

I have 8 subnets on my network 10.1.1.0 mask is 255.255.255.224 or /27, 
I would like all but one of these subnets to be able to mount from my 
NFS server. So I thought I'd add the relevant lines into 
/etc/hosts.allow and /etc/hosts.deny;

It's long, so I've shortened it.
/etc/host.allow
portmap:10.1.1.0/255.255.255.224
lockd:10.1.1.0/255.255.255.224
mountd:10.1.1.0/255.255.255.224
rquoted:10.1.1.0/255.255.255.224
statd:10.1.1.0/255.255.255.224
portmap:10.1.1.32/255.255.255.224
lockd:10.1.1.32/255.255.255.224
mountd:10.1.1.32/255.255.255.224
rquoted:10.1.1.32/255.255.255.224
statd:10.1.1.32/255.255.255.224

And all the other 5 networks.

And in the /etc/hosts.deny

portmap:10.1.1.160/255.255.255.224
lockd:10.1.1.160/255.255.255.224
mountd:10.1.1.160/255.255.255.224
rquoted:10.1.1.160/255.255.255.224
statd:10.1.1.160/255.255.255.224

I have restarted NFS and Portmap, but alas those systems on the 160 
network can still mount and see nfs mounts.

Am I barking up the wrong tree and is there an easier way to accomplish 
this ?

Many thanks

Neil.

-- 
Neil Marjoram
Systems Manager
Adastral Park Campus
University College London
Ross Building
Adastral Park
Martlesham Heath
Ipswich - Suffolk
IP5 3RE

Reclaim Your Inbox!
http://www.mozilla.org/products/thunderbird




More information about the fedora-list mailing list