On Mon, 2006-06-19 at 07:24 +0200, Ralph Slooten wrote:
> Matthias Langer wrote:
> > I've recently set up a local NFS server for my distfiles; to keep the WAN
> > out I have:
> > 
> > iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport nfs -j DROP
> > iptables -A INPUT -p UDP -i ! ${LAN} -d 0/0 --dport nfs -j DROP
> > 
> > everything is working fine so far; however, my logs are full of these
> > messages:
> > 
> > svc: bad direction 268435456, dropping request
> > 
> > any comments?
> 
> I have had this too from quite a while back
> (http://blog.axljab.homelinux.org/post/6/). I turned on logging in my
> firewall to find out that nfs listens on random ports for UDP
> connections. The problem is that the random ports change ;-) In my
> firewall *most* of > 1024 is open so there isn't much I can do about it.
> 
> From what I noticed it's nobody trying to hack you but rather just
> internet "static" which by coincidence tries a port that your NFS is
> listening on. I stopped worrying about it after a while. The option for
> NFS to listen only on one interface wasn't then (iirc) an option ..  not
> sure about now though.
> 
> Greetings,
> Ralph

Thank you very much. After adding the following lines to my firewall,
these annoying messages seem to be gone (at least they have not appeared
for an hour now):

iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport 1026 -j DROP
iptables -A INPUT -p UDP -i ! ${LAN} -d 0/0 --dport 1026 -j DROP
iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport 2442 -j DROP
iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport 2292 -j DROP

I'm not sure which of these lines actually fixed my problem, as I've just
looked at the output of rpcinfo and grabbed all NFS-relevant ports from
there.

Matthias

-- 
gentoo-user@gentoo.org mailing list
