Straining for clues here.  Maybe needs to be keep-state rules?
We should probably RT<F>M and/or do a little other research
on what ports NFS is using, and how it's using them, etc.

Have you done any packet sniffing on your LAN to see
what's happening when the FW is blocking NFS?

Cheers,

Kevin Kinsey
DaleCo, S.P.
----- Original Message -----
From: "Mark" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 11, 2002 3:09 PM
Subject: NFS rules for ipfw


>
>
> Hello!
>
> I've got a little server here that is acting as a nat/router and firewall to
> connect our home to the internet.
>
> I would, in addition, like to run NFS on this machine so that computers on
> the internal network can share disks from it.  (Yes, I realize this is
> sub-optimal and an NFS server should theoretically be a separate machine, but
> there are cost and space issues here ...)
>
> The problem is, I have a "simple" firewall up and running on this machine
> that prevents the internal machines from connecting to the server via NFS.
> (I've already verified changing the firewall to "open" allows NFS client
> access).
>
> My Question is:  Is there a set of rules I can add to the server to allow NFS
> clients from the LOCAL network only, but still prevent NFS requests from the
> outside net?
>
> I've tried things like:
>
>        ${fwcmd} add pass udp from ${inet}:${imask} to ${iip} 2049
>        ${fwcmd} add pass tcp from ${inet}:${imask} to ${iip} 2049
>
> and similar rules for port 369 (RPC2) and 111 (Sun RPC), but without any luck
> -- client machines always give RPC Timed Out messages on mounts or any other
> request.
>
> Any suggestions?
>
> Thanks,
> Mark.
>
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-questions" in the body of the message
>
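
One way to do the port research the reply asks for, as an added example that is not part of the original thread: read the server's `rpcinfo -p` listing and print one LAN-only pass rule per registered protocol/port, with `keep-state` as the reply suggests. The variable names come from the question; their default values, the helper names `sample_rpcinfo` and `nfs_rules`, and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` output into LAN-only ipfw pass rules.
# fwcmd, inet, imask and iip are the variable names used in the question;
# the default values here are constructed placeholders.
fwcmd="${fwcmd:-/sbin/ipfw}"
inet="${inet:-192.168.1.0}"
imask="${imask:-255.255.255.0}"
iip="${iip:-192.168.1.1}"

# Constructed sample of `rpcinfo -p` output on an NFS server. Note that
# mountd is registered on a port other than 111 or 2049, so rules for
# those two ports alone do not cover the mount request.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  rpcbind
    100000    2   udp    111  rpcbind
    100005    1   udp   1011  mountd
    100005    3   udp   1011  mountd
    100005    1   tcp   1011  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
EOF
}

# Read `rpcinfo -p` output on stdin; print one rule per unique proto/port.
# The source is limited to the internal network, so requests arriving
# from outside addresses never match these rules.
nfs_rules() {
    awk -v fw="$fwcmd" -v net="$inet:$imask" -v ip="$iip" '
        $3 != "tcp" && $3 != "udp"               { next }  # header, junk
        $4 !~ /^[0-9]+$/ || $4 < 1 || $4 > 65535 { next }  # bad port
        seen[$3 "/" $4]++                        { next }  # duplicate
        { printf "%s add pass %s from %s to %s %s keep-state\n",
                 fw, $3, net, ip, $4 }
    '
}

# Print the rules for review instead of installing them.
sample_rpcinfo | nfs_rules
```

On the real server, feed it `rpcinfo -p | nfs_rules`, and regenerate the rules whenever the RPC daemons restart, since a dynamically assigned port can change.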