On Sat, 2003-05-31 at 21:19, John Noll wrote:
> I've been trying to set up nfs for quite some time now. I found a good
> how-to and I've gone through the RedHat documentation. From what I have
> read it seems the only reason I cannot mount the share I've set up on
> the nfs server is the firewall on the server. My nfs server is just my
> desktop running redhat 9. The graphical "security level configuration"
> tool gives me the option to allow services like http, ftp, ssh, etc. but
> I don't see anything about nfs.

Punching NFS through the firewall is extremely difficult. This is because NFS doesn't run on a certain port all the time. Instead, the client usually connects to the Portmapper (which does run on a specific port) and asks for the nfs port. Then it connects to that. Since the NFS port is always different, you have to write a script that queries the portmapper for the NFS port and then opens up a hole for that. This is commonly done to allow some nfs access into a DMZ, for example. Apparently Ed Schaller has written scripts to do this before.

I would highly avoid punching nfs through the firewall. NFS is extremely insecure and you cannot trust the clients. The most secure way to connect machine a to machine b's nfs through a firewall is, in my opinion, to set up a VPN connection (say using CIPE, which RH9's wizard supports).

Michael

>
> I've seen a lot of posts about firewalls over the past few months and it
> seems pretty daunting. I'm just trying to change the configuration
> enough to allow my desktop to mount an nfs share hosted on my desktop.
>
> Any help?
>
> thank you,
>
> john
>
>
> _______________________________________________
> newbies mailing list
> [EMAIL PROTECTED]
> http://phantom.byu.edu/cgi-bin/mailman/listinfo/newbies
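
The kind of script the reply describes (ask the portmapper which ports the NFS-related services currently hold, then open only those) can be sketched as follows. This is an added example, not part of the thread and not Ed Schaller's script; it assumes the server's firewall is iptables and that `rpcinfo -p` is available, and the function name `nfs_rules`, the client address 192.168.1.20 and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` output into iptables rules that admit one
# named client to the RPC services NFS needs. Ports are re-read on every run
# because the portmapper may hand out different ones after a restart.

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100021    1   udp  32769  nlockmgr
    100021    3   udp  32769  nlockmgr
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp  32770  mountd
    100005    1   tcp  32771  mountd
    391002    2   tcp  32772  sgi_fam'

# nfs_rules CLIENT_IP: read rpcinfo -p output on stdin and print one iptables
# command per unique (proto, port) held by an NFS-related service.
nfs_rules() {
    client=$1
    # Accept only digits and dots so nothing else can end up inside a rule.
    case $client in
        ''|*[!0-9.]*) echo "bad client address" >&2; return 1 ;;
    esac
    awk -v client="$client" '
        NR == 1 { next }                       # skip the header line
        $5 ~ /^(portmapper|nfs|mountd|nlockmgr|status)$/ &&
        $3 ~ /^(tcp|udp)$/ && $4 ~ /^[0-9]+$/ {
            key = $3 "/" $4
            if (!(key in seen)) {              # several versions share a port
                seen[key] = 1
                printf "iptables -A INPUT -s %s -p %s --dport %s -j ACCEPT\n",
                       client, $3, $4
            }
        }'
}

# Rules are printed for review rather than applied.
# Live use (assumed invocation): rpcinfo -p | nfs_rules 192.168.1.20
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_RPCINFO" | nfs_rules 192.168.1.20
fi
```

Only services named in the filter get a rule, and each rule is limited to the single source address, so unrelated RPC programs registered with the portmapper stay closed.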
