> The server needs the following daemons running:
> portmap, nfs-common, nfs-server
> The client needs portmap and nfs-common
>
> My question is, can you mount the nfs share remotely
> when the entry in /etc/hosts.deny is removed, and in /etc/hosts.allow you
> put "ALL: ALL"?

I can mount if both files are empty. I think this is equivalent to having "ALL: ALL" in /etc/hosts.allow, so I didn't try. And the daemons are probably started at boot time by default. But this is not the problem. I just wanted to use the other machine to verify that the line

portmap: ALL

actually denies access to everybody, and now I want to enable access to that one machine in my network again, and from what I read this is done by putting

portmap: 192.168.1.0/255.255.255.0

in /etc/hosts.allow

Is it not as simple as that? Then the NFS HOWTO is wrong, or I have to learn how to configure Linux for some more years.

> I would suggest using ipchains to block nfs and rpc from the outside, like
> this, where 192.168.1.1 is your machine's **external** interface (i.e., the
> one connected to the world):
>
> ipchains -A input -l -p tcp -s 0/0 -d 192.168.1.1 111 -j DENY
> ipchains -A input -l -p udp -s 0/0 -d 192.168.1.1 111 -j DENY
> ipchains -A input -l -p tcp -s 0/0 -d 192.168.1.1 2049 -j DENY
> ipchains -A input -l -p udp -s 0/0 -d 192.168.1.1 2049 -j DENY
>
> remove the "-l" if you don't want log entries.

I wanted to tackle ipchains and all that later, when I set up internet access for all machines in my LAN via my machine. I don't even know yet exactly what ipchains is.

