Thank you. That tip about specifying ports does seem to have helped. I now have a firewalled system instead of completely open :)

On 9/7/2011 15:10, Roberto C. Sánchez wrote:
On Wed, Sep 07, 2011 at 01:38:28PM -0700, Christ Schlacta wrote:
I installed the universal configuration, then followed the guide to
enable NFS, but NFS failed miserably whenever shorewall was started or
stopped.  Only cleared allowed NFS traffic to function properly.  I'm
using Ubuntu 11.4, which I believe is using nfs4.  sec is set to
sec=sys.  Not sure if more ports are needed, or different ports, or if
shorewall has done something unusual.  I had to purge shorewall about a
week ago to ensure the system functions, so I can't provide a dump at
the moment, but if one is absolutely critical to proceeding to debug
this issue, I can schedule some downtime to the NFS server to acquire a
dump in the next few days.

I run Shorewall on a system that serves up filesystems as NFSv4.  Here
are the rules I use:

ACCEPT  loc     $FW             tcp     111
ACCEPT  loc     $FW             udp     111
ACCEPT  loc     $FW             tcp     2049
ACCEPT  loc     $FW             udp     2049
ACCEPT  loc     $FW             tcp     32765:32769
ACCEPT  loc     $FW             udp     32765:32769

In /etc/default/nfs-kernel-server, I have:
RPCMOUNTDOPTS="-p 32767"

In /etc/default/nfs-common, I have:
STATDOPTS="--port 32765 --outgoing-port 32766"

I think the key is *telling* the services what ports to use.  Otherwise,
they use random ports and traffic will probably not be allowed through.

Regards,

-Roberto



_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
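
Added example, not part of the original thread: a small check that compares the ports RPC services have registered (as listed by `rpcinfo -p`) against the ACCEPT rules quoted above, so a service still on a random port shows up before clients start failing. The rpcinfo listing is a constructed sample, the function names are made up for this example, and the rule parser assumes numeric ports in the column layout shown in the message.

```python
# ACCEPT rules as quoted in the message above.
RULES = """\
ACCEPT  loc     $FW             tcp     111
ACCEPT  loc     $FW             udp     111
ACCEPT  loc     $FW             tcp     2049
ACCEPT  loc     $FW             udp     2049
ACCEPT  loc     $FW             tcp     32765:32769
ACCEPT  loc     $FW             udp     32765:32769
"""

# Constructed sample of `rpcinfo -p` output, not captured from a real host.
RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100024    1   udp  32765  status
    100003    4   tcp   2049  nfs
    100005    3   udp  32767  mountd
    100021    4   tcp  45123  nlockmgr
    100021    4   udp  51877  nlockmgr
"""

def allowed_ranges(rules_text):
    """Return {proto: [(low, high), ...]} for ACCEPT rules whose DEST is $FW."""
    allowed = {}
    for line in rules_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 5 or fields[0] != "ACCEPT" or fields[2] != "$FW":
            continue
        for spec in fields[4].split(","):  # DPORT may be a list and/or a low:high range
            low, _, high = spec.partition(":")
            allowed.setdefault(fields[3], []).append((int(low), int(high or low)))
    return allowed

def blocked_registrations(rpcinfo_text, allowed):
    """Return sorted (service, proto, port) tuples that no ACCEPT rule covers."""
    blocked = set()
    for line in rpcinfo_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].isdigit():
            continue  # header or malformed line
        proto, port, service = fields[2], int(fields[3]), fields[4]
        if not any(lo <= port <= hi for lo, hi in allowed.get(proto, [])):
            blocked.add((service, proto, port))
    return sorted(blocked)

if __name__ == "__main__":
    for service, proto, port in blocked_registrations(RPCINFO, allowed_ranges(RULES)):
        print(f"{service} registered on {proto}/{port}, outside the ACCEPT rules")
```

On a real server, replace the sample with the live `rpcinfo -p` output and the contents of the Shorewall rules file.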