Firewall problems with NFS
Dr. Michael J. Chudobiak
mjc at avtechpulse.com
Thu Nov 15 14:49:23 UTC 2007
Bill Davidsen wrote:
>> You'll probably need to:
>>
>> 1) Learn about port "pinning" for NFS (so it always uses the same ports).
>
> Since the GUI doesn't know about this, it doesn't solve the problem of
> avoiding mixing GUI and manual firewall configuration, if I have to do
> any of it by hand I'll do it all by hand, I'm dubious about using the
> same rules for forwarding as INPUT anyway.
Bill,
The port-pinning is not handled by iptables, and no firewall tool will
do it for you. You will need to configure port pinning in the various
/etc files that control the NFS server and the RPC services (I forget
which files).
Once you've pinned the ports, then open them in the firewall. You can do
that by hand if you want, but using firestarter is much easier, in my
experience.
The two tasks are cleanly separated.
- Mike
More information about the fedora-list
mailing list