[EMAIL PROTECTED] said:
| After setting up Coda with help from this list I have another
| question. Is it possible to use Coda with access control facilities
| like tcp_wrappers or something similar? Or do I have to use ACLs to
| achieve this?
| What I want is to make it impossible for any machine not on my subnet
| to mount /coda.
Hi Florian,
I don't know how tcpwrappers would fit into Coda; most communication is
over UDP, and you probably wouldn't want a double reverse domain lookup
on every rpc2 message. However, I noticed that portmap/nfs on Red Hat is
using tcpwrappers with UDP traffic, so it would be possible to use it.
Currently the easiest way to make sure people outside of your subnet
cannot mount your filesystem is to use firewall rules on the Coda
server machines to block off any access to UDP port 2432 from outside
the subnet. Here are examples for Linux, because I don't know how to
do this on FreeBSD or NetBSD.
<my_subnet> is something similar to 128.2.0.0/16, or 10.10.10.0/24.
Linux 2.0.x:
    ipfwadm -I -a accept -P udp -S <my_subnet> -D 0.0.0.0/0 2432
    ipfwadm -I -a reject -P udp -D 0.0.0.0/0 2432
Linux 2.1.x:
    ipchains -N coda
    ipchains -A coda -s <my_subnet> -j RETURN
    ipchains -A coda -j REJECT
    ipchains -A input -p udp --destination-port 2432 -j coda
Jan
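
Added example, not part of the original message: a small Python model of the ipchains rules above, run over constructed packets to check which traffic they let through. MY_SUBNET, the sample addresses and the function names are assumptions, and the model assumes the jump to the coda chain is the only rule in the input chain.

```python
import ipaddress

# Constructed stand-in for <my_subnet>; substitute your own network.
MY_SUBNET = ipaddress.ip_network("10.10.10.0/24")
CODA_PORT = 2432  # UDP port named in the message

def coda_chain(src):
    """The user-defined 'coda' chain: RETURN for the subnet, REJECT for the rest."""
    if ipaddress.ip_address(src) in MY_SUBNET:
        return "RETURN"
    return "REJECT"

def input_chain(proto, src, dport, policy="ACCEPT"):
    """Verdict for one incoming packet.

    Assumption: the jump to 'coda' is the only rule in the input chain, so a
    packet that is not rejected ends up at the chain policy.
    """
    if proto == "udp" and dport == CODA_PORT:
        verdict = coda_chain(src)
        if verdict != "RETURN":
            return verdict      # REJECT is final
        # RETURN: back in 'input', no rules left, fall through to policy
    return policy

# Constructed sample packets: (protocol, source address, destination port)
PACKETS = [
    ("udp", "10.10.10.7", 2432),    # client inside the subnet
    ("udp", "10.10.10.255", 2432),  # last address of the subnet
    ("udp", "10.10.11.1", 2432),    # next network over
    ("udp", "128.2.1.1", 2432),     # unrelated outside host
    ("tcp", "128.2.1.1", 2432),     # not UDP, never reaches 'coda'
    ("udp", "128.2.1.1", 2433),     # other port, never reaches 'coda'
]

def evaluate(policy="ACCEPT"):
    """Return the verdict for every sample packet under the given input policy."""
    return [input_chain(p, s, d, policy) for p, s, d in PACKETS]

if __name__ == "__main__":
    for policy in ("ACCEPT", "DENY"):
        print("input policy", policy)
        for pkt, verdict in zip(PACKETS, evaluate(policy)):
            print("  ", pkt, "->", verdict)
```

With an input policy of DENY the subnet's own packets are dropped as well, because RETURN only hands them back to the input chain; an explicit accept rule for the subnet is needed in that setup.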