I am trying to set up NFS on a LAN of RH7.3 (2.4.18-3) boxes with their
ipchains firewalls running ("high" security, *not* trusting
other machines connected to their eth0 port).

The NFS HOWTO describes in detail how to get NFS through an ipchains
firewall by specifying which ports mountd, statd, and lockd use. I am
starting mountd on port 32790 (from /etc/init.d/nfs), statd on -p=32791
and -o=32792 (from /etc/init.d/nfslock), and lockd on 32793 (from
/etc/modules.conf).

Having done this, something is still broken. For instance, here is the
rejection log when host nova (192.168.48.150) tries to mount a partition
on novus (192.168.48.151):

    Aug 15 15:19:25 nova automount[1109]: attempting to mount entry /nofs/novus
    Aug 15 15:19:25 nova kernel: Packet log: input REJECT eth0 PROTO=17 192.168.48.151:32790 192.168.48.150:715 L=84 S=0x00 I=0 F=0x4000 T=64 (#17)

Here are the relevant ipchains lines:

    -A input -s 192.168.48.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j ACCEPT -f
    -A input -s 192.168.48.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 32790:32793 -p 6 -j ACCEPT
    -A input -s 192.168.48.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 32790:32793 -p 17 -j ACCEPT
    -A input -s 192.168.48.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 2049:2049 -p 6 -j ACCEPT
    -A input -s 192.168.48.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 2049:2049 -p 17 -j ACCEPT
    -A input -s 192.168.48.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 111:111 -p 6 -j ACCEPT
    -A input -s 192.168.48.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 111:111 -p 17 -j ACCEP

Why is nova (...150) using port 715? This port is surely blocked by the
ipchains firewall, resulting in the rejection. Shouldn't it be using port
32790? rpcinfo -p on nova shows that mountd is running on port 32790.

Also, rpcinfo -p shows that "nlockmgr" is running on 32768. Is this
relevant?

Any help would be thoroughly appreciated. Thanks.

-- Blaise
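Added example, not part of the original post: a Python sketch that parses the logged packet and tests it against the seven quoted rules, taking the port range after -d as the destination port, as ipchains does. The last rule's target, cut off as ACCEP in the post, is assumed to be ACCEPT, and the REQUEST line is constructed for comparison.

```python
import re
from ipaddress import ip_address, ip_network

NET = "-s 192.168.48.0/255.255.255.0 -d 0.0.0.0/0.0.0.0"
# Rules from the post (last target assumed to be ACCEPT; the post shows "ACCEP").
RULES = "\n".join([
    f"-A input {NET} -j ACCEPT -f",
    f"-A input {NET} 32790:32793 -p 6 -j ACCEPT",
    f"-A input {NET} 32790:32793 -p 17 -j ACCEPT",
    f"-A input {NET} 2049:2049 -p 6 -j ACCEPT",
    f"-A input {NET} 2049:2049 -p 17 -j ACCEPT",
    f"-A input {NET} 111:111 -p 6 -j ACCEPT",
    f"-A input {NET} 111:111 -p 17 -j ACCEPT",
])
# Kernel log line from the post.
LOG = ("Packet log: input REJECT eth0 PROTO=17 192.168.48.151:32790 "
       "192.168.48.150:715 L=84 S=0x00 I=0 F=0x4000 T=64 (#17)")
# Constructed for comparison: same hosts, ports swapped (a request to mountd).
REQUEST = ("Packet log: input REJECT eth0 PROTO=17 192.168.48.150:715 "
           "192.168.48.151:32790 L=84 S=0x00 I=0 F=0x4000 T=64 (#17)")

LOG_RE = re.compile(r"Packet log: (\S+) \S+ \S+ PROTO=(\d+) "
                    r"([\d.]+):(\d+) ([\d.]+):(\d+) .* F=0x([0-9A-Fa-f]+)")
RULE_RE = re.compile(r"-A (\S+) -s (\S+) -d (\S+)(?: (\d+):(\d+))?"
                     r"(?: -p (\d+))? -j (\S+)( -f)?")

def parse_log(line):
    chain, proto, src, sport, dst, dport, frag = LOG_RE.search(line).groups()
    return dict(chain=chain, proto=int(proto), src=ip_address(src),
                sport=int(sport), dst=ip_address(dst), dport=int(dport),
                # low 13 bits of F are the fragment offset; 0x4000 is only DF
                fragment=bool(int(frag, 16) & 0x1FFF))

def first_match(pkt, rules):
    """Return (rule number, target) of the first quoted rule that matches."""
    for n, line in enumerate(rules.splitlines(), 1):
        chain, src, dst, lo, hi, proto, target, frag = RULE_RE.match(line).groups()
        if chain != pkt["chain"] or (frag and not pkt["fragment"]):
            continue  # -f rules apply only to second and later fragments
        if proto and int(proto) != pkt["proto"]:
            continue
        if lo and (pkt["fragment"] or not int(lo) <= pkt["dport"] <= int(hi)):
            continue  # the range after -d is compared with the destination port
        if pkt["src"] in ip_network(src) and pkt["dst"] in ip_network(dst):
            return n, target
    return None

if __name__ == "__main__":
    for name, line in (("logged", LOG), ("constructed", REQUEST)):
        print(name, first_match(parse_log(line), RULES))
```

None for the logged packet means no quoted rule accepts it: 32790 is its source port and 715 its destination port, so it falls through to a later rule in the chain.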
