2012/5/12 Ugo Bellavance <[email protected]>

> On 2012-05-11 16:14, Michael Schuh wrote:
>
>> 2012/5/11 Ian Levesque <[email protected]>
>>
>>     On May 11, 2012, at 2:52 PM, Ugo Bellavance wrote:
>>
>>     > I'd need to have an NFS client access an NFS server. Both are on
>>     > a different network segment, so I need to have the traffic go
>>     > through the pfSense firewall. Does anyone have the list of ports
>>     > that must be allowed for NFSv3?
>>
>>     If your client is on the LAN and the server the WAN, you should be
>>     fine with the built-in state management. If the NFSv3 server is
>>     behind a firewall, good luck... :) (basically, you'd need to
>>     configure your server to use static ports, which may not be possible
>>     with your NAS).
>
> My client is in LAN and the server is on OPT1 (another internal network).
> I could do that with my current CheckPoint FW-1, but I needed to allow all
> ports.

Ian already pointed it out....much fun...

if:
  all the clients need the NFS access, they should be in that subnet or
  the server should be in the subnet of the clients.
then:
  find a solution to get the data shared between the clients and the
  secured service (what was the reason why that NFS server stands in a DMZ?)
  without opening the doors for the entire network.
  Think about your conceptual design. :-)
endif:

if:
  only specific clients need access
then:
  Allow the traffic from specific (if not all clients need access)
  LAN clients to the NFS server.
  Secure up your server, make use of the local files
  /etc/hosts.allow, /etc/hosts.deny,
  cut off (deinstall them completely) all other services,
  accept only DSA/RSA key authentication on SSHv2 and only v2.
  A word in the documentation: WHY you did it this way - would be a good idea.
  Try to keep other services far from that box.
endif:

greetings

m.

--
= = = http://michael-schuh.net/ = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil: 0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = Ust-ID: DE251072318 = = =
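Ian's point about static ports and Ugo's question about which ports to allow, as an added example that is not part of the original thread: the script reads `rpcinfo -p <server>` output and lists the protocol/port pairs an NFSv3 client needs, marking those that have to be fixed on the server before a firewall rule can rely on them. The program numbers are the standard ONC RPC assignments; the sample output and the function names are constructed for illustration.

```python
import sys

# Standard ONC RPC program numbers for the services an NFSv3 client uses.
NFS3_PROGRAMS = {100000: "portmapper", 100003: "nfs", 100005: "mountd",
                 100021: "nlockmgr", 100024: "status"}
# Ports fixed by convention. Everything else is handed out when the service
# starts, unless the server has been configured with static ports.
WELL_KNOWN = {111, 2049}

# Constructed sample of `rpcinfo -p <server>` output (not from the thread).
SAMPLE = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    3   tcp  38467  mountd
    100005    3   udp  38465  mountd
    100021    4   tcp  41523  nlockmgr
    100024    1   tcp  52342  status
    100011    2   tcp    875  rquotad
"""

def nfs3_ports(rpcinfo_text):
    """Return sorted unique (proto, port, service, well_known) tuples."""
    seen = {}
    for line in rpcinfo_text.splitlines():
        f = line.split()
        if len(f) < 4 or not (f[0].isdigit() and f[1].isdigit() and f[3].isdigit()):
            continue  # header or malformed line
        program, vers, proto, port = int(f[0]), int(f[1]), f[2], int(f[3])
        if program not in NFS3_PROGRAMS:
            continue  # e.g. rquotad: not required for mount, I/O or locking
        if program == 100003 and vers != 3:
            continue  # only the NFSv3 registration is of interest here
        seen[(proto, port)] = NFS3_PROGRAMS[program]
    return sorted((p, n, s, n in WELL_KNOWN) for (p, n), s in seen.items())

def needs_pinning(rows):
    """Rows whose port may change on restart unless fixed on the server."""
    return [r for r in rows if not r[3]]

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for proto, port, service, well_known in nfs3_ports(text):
        note = "" if well_known else "  <- set a static port on the server first"
        print(f"{proto:3} {port:5}  {service}{note}")
```

Piping real `rpcinfo -p` output into the script replaces the sample; combined with Michael's advice, each listed pair would be allowed only from the specific LAN clients that need the share.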
