It is very messy with NFS but I use something like this:

#############################
#NFS connections from someserver
#############################
#portmap tcp/udp
-i eth0 -p tcp --dport 111 -s someserver/32 -j ACCEPT
-i eth0 -p udp --dport 111 -s someserver/32 -j ACCEPT
#status tcp/udp
-i eth0 -p tcp --dport 300:50000 -s someserver/32 -j ACCEPT
-i eth0 -p udp --dport 300:50000 -s someserver/32 -j ACCEPT
#nfs udp/tcp
-i eth0 -p tcp --dport 2040:2049 -s someserver/32 -j ACCEPT
-i eth0 -p udp --dport 2040:2049 -s someserver/32 -j ACCEPT

On 13/12/05 00:09 +0100, Ghe Rivero wrote:
> Hi everyone,
> we are going to use netfilter for our main firewall at University and a
> couple of doubts come to my mind now:
>
> 1.- Since we have several machines (around 50) and all kinds of
> services, which is the best way to have everything more or less in order?
> 2.- NFS uses dynamic ports on connections with the clients. How is it
> supposed to be firewalled? (The same can be for some Windows issues)
> Thanks in advance to everyone!
>
> Ghe Rivero
>
> --
> CPD - Universidad Pontificia de Salamanca
> Tel. 923 277 136 - Ext. 7263
>
>  .''`.   I think, therefore I annoy
> : :' :
> `. `'    Proudly running Debian GNU/Linux (Sid 2.6.9-smp Ext3)
>   `-     www.debian.org    www.upsa.es
>
> GPG Key: 26F020F7
> GPG fingerprint: 4986 39DA D152 050B 4699 9A71 66DB 5A36 26F0 20F7

--
------------------------------------------
Ted Knab
Stevensville, Maryland 21666 USA
------------------------------------------
I am lone maggot in a sea of pooh.
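
The reply above accepts 300:50000 from the NFS peer because the RPC helper services register on ports that are not fixed. As an added example (not part of the original thread), this script reads `rpcinfo -p` output for the NFS server and prints one rule fragment per registered protocol/port, in the same form as the rules in the reply. The rpcinfo sample is constructed, and `sample_rpcinfo` and `gen_rules` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original thread.

# Constructed sample of `rpcinfo -p` output (program, version, proto, port,
# service). The port numbers are made up for illustration.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32769  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    4   udp  32770  nlockmgr
    100021    4   tcp  32771  nlockmgr
    100005    3   udp    901  mountd
    100005    3   tcp    904  mountd
EOF
}

# gen_rules IFACE SOURCE
# Reads rpcinfo -p output on stdin. Prints a comment with the service name
# and one ACCEPT fragment for each distinct proto/port pair, so several
# versions of one program on the same port produce a single rule.
gen_rules() {
    awk -v ifc="$1" -v src="$2" '
        $1 !~ /^[0-9]+$/           { next }   # header or junk line
        $3 != "tcp" && $3 != "udp" { next }   # only tcp/udp registrations
        $4 !~ /^[0-9]+$/           { next }   # port must be numeric
        !seen[$3 "/" $4]++ {
            printf "#%s\n", $5
            printf "-i %s -p %s --dport %s -s %s -j ACCEPT\n", ifc, $3, $4, src
        }'
}

# Stand-alone run on the constructed sample; on a live system the input
# would be the output of: rpcinfo -p <nfs-server>
sample_rpcinfo | gen_rules eth0 someserver/32
```

The dynamically assigned ports change when the RPC services restart, so rules generated this way have to be regenerated afterwards unless the services are pinned to fixed ports.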

