Re: Improvement to IPFilter / nfsd in FBSD (6.2+?)

2007-01-12 Thread Patrick Lamaizière
Garrett Cooper : Hello, Just wondering if anyone has IPFilter / nfsd setup properly on their boxes with any beta versions of FBSD. I am having loads of issues transferring large files (~300MB apiece) or issues transferring a large number of smaller files (3MB ~ 10MB apiece) from a FBSD 6.1

Improvement to IPFilter / nfsd in FBSD (6.2+?)

2007-01-11 Thread Garrett Cooper
Just wondering if anyone has IPFilter / nfsd setup properly on their boxes with any beta versions of FBSD. I am having loads of issues transferring large files (~300MB apiece) or issues transferring a large number of smaller files (3MB ~ 10MB apiece) from a FBSD 6.1 client to a FBSD 6.1

Re: Improvement to IPFilter / nfsd in FBSD (6.2+?)

2007-01-11 Thread Chuck Swiger
On Jan 11, 2007, at 10:58 AM, Garrett Cooper wrote: Just wondering if anyone has IPFilter / nfsd setup properly on their boxes with any beta versions of FBSD. It is typically not useful to implement firewall rules between NFS servers and legitimate NFS clients. The large number of RPC

Firewalls and RPC (was Re: Improvement to IPFilter / nfsd in FBSD (6.2+?))

2007-01-11 Thread Garrett Cooper
Chuck Swiger wrote: On Jan 11, 2007, at 10:58 AM, Garrett Cooper wrote: Just wondering if anyone has IPFilter / nfsd setup properly on their boxes with any beta versions of FBSD. It is typically not useful to implement firewall rules between NFS servers and legitimate NFS clients. The

Re: Firewalls and RPC (was Re: Improvement to IPFilter / nfsd in FBSD (6.2+?))

2007-01-11 Thread Chuck Swiger
On Jan 11, 2007, at 12:54 PM, Garrett Cooper wrote: It is typically not useful to implement firewall rules between NFS servers and legitimate NFS clients. The large number of RPC services using randomly assigned ports needed by NFS and the fact that machines which trust each other enough

Re: Firewalls and RPC (was Re: Improvement to IPFilter / nfsd in FBSD (6.2+?))

2007-01-11 Thread Garrett Cooper
Chuck Swiger wrote: Actually, no. While rpcbind/portmap/portmapper is assigned to 111/tcp udp, most other RPC services get assigned high port numbers in the 327xx range, but that varies considerably from platform to platform. True. NFS is port

Re: Firewalls and RPC (was Re: Improvement to IPFilter / nfsd in FBSD (6.2+?))

2007-01-11 Thread Chuck Swiger
On Jan 11, 2007, at 1:50 PM, Garrett Cooper wrote: Actually, no. While rpcbind/portmap/portmapper is assigned to 111/tcp udp, most other RPC services get assigned high port numbers in the 327xx range, but that varies considerably from platform to platform. True. NFS is port 2049 by

Re: Firewalls and RPC (was Re: Improvement to IPFilter / nfsd in FBSD (6.2+?))

2007-01-11 Thread Garrett Cooper
Chuck Swiger wrote: snip You really don't want to mix machines which are trusted with machines which are not trusted on the same subnet. If you can't control which client machines get which IPs, you pretty much cannot use firewall rules to