Is there a NFS alternative?

Alastair Neil ajneil at gmail.com
Fri Feb 9 03:05:37 UTC 2007


On 2/8/07, Lamont Peterson <lamont at gurulabs.com> wrote:
>
> On Thursday 08 February 2007 03:09pm, Matthew Miller wrote:
> > On Wed, Feb 07, 2007 at 03:04:46PM -0700, Lamont Peterson wrote:
> > > AndrewFS or CodaFS.
> >
> >   ^^^^^^^
> >
> > No.
>
> :) Agreed.
>
> He asked *is* there an alternative, so I listed an alternative.
> --
>
Here is my iptables and nfs configuration.  We flirted with nfsv4; however,
the supported feature matrix is pretty sparse.  For secure filesharing we
are migrating to OpenAFS.

[ajn@depweb ~]$ cat /etc/sysconfig/nfs
RPCNFSDCOUNT=35
STATD_PORT=10002
STATD_OUTGOING_PORT=10003
MOUNTD_PORT=10004
RQUOTAD_PORT=10005
[ajn@depweb ~]$ sudo cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
:NFS-INPUT - [0:0]
-A INPUT -j NFS-INPUT
-A FORWARD -j NFS-INPUT
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
# Firewall rules for NFS with the following restrictions set in the nfs sysconfig:
# RPCNFSDCOUNT=25
# STATD_PORT=10002
# STATD_OUTGOING_PORT=10003
# MOUNTD_PORT=10004
# RQUOTAD_PORT=10005
#
-A NFS-INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A NFS-INPUT -p udp -m udp --dport 111 -j ACCEPT
-A NFS-INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A NFS-INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A NFS-INPUT -p tcp -m tcp --dport 10002:10005 -j ACCEPT
-A NFS-INPUT -p udp -m udp --dport 10002:10005 -j ACCEPT
#
COMMIT
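
Added example, not part of the original message or the poster's own tooling: a Python check that every port pinned in /etc/sysconfig/nfs is covered by an ACCEPT rule in the NFS-INPUT chain, and that lists the rules carrying no -s source match (all six NFS-INPUT rules above accept from any address). The sample input is constructed from the two files quoted in the message; the function names are this example's own.

```python
import re

# Constructed input: the two files quoted in the message, trimmed to the NFS-relevant lines.
SYSCONFIG_NFS = """\
RPCNFSDCOUNT=35
STATD_PORT=10002
STATD_OUTGOING_PORT=10003
MOUNTD_PORT=10004
RQUOTAD_PORT=10005
"""
NFS_RULES = """\
-A NFS-INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A NFS-INPUT -p udp -m udp --dport 111 -j ACCEPT
-A NFS-INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A NFS-INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A NFS-INPUT -p tcp -m tcp --dport 10002:10005 -j ACCEPT
-A NFS-INPUT -p udp -m udp --dport 10002:10005 -j ACCEPT
"""

def pinned_ports(sysconfig):
    """Map each NAME=port setting whose name ends in PORT, plus portmapper and nfsd."""
    ports = {"PORTMAP": 111, "NFSD": 2049}
    for name, value in re.findall(r"^(\w+PORT)=(\d+)$", sysconfig, re.M):
        ports[name] = int(value)
    return ports

def accept_rules(rules, chain="NFS-INPUT"):
    """Parse a chain's ACCEPT rules into (proto, low, high, has_source_match)."""
    parsed = []
    for line in rules.splitlines():
        tok = line.split()
        if tok[:2] != ["-A", chain] or tok[-2:] != ["-j", "ACCEPT"]:
            continue
        if "-p" not in tok or "--dport" not in tok:
            continue
        low, _, high = tok[tok.index("--dport") + 1].partition(":")
        restricted = "-s" in tok or "--source" in tok
        parsed.append((tok[tok.index("-p") + 1], int(low), int(high or low), restricted))
    return parsed

def audit(sysconfig, rules):
    """Return (uncovered, open_to_any): pinned ports with no ACCEPT rule, rules with no source match."""
    parsed = accept_rules(rules)
    uncovered = sorted(
        (name, proto)
        for name, port in pinned_ports(sysconfig).items()
        for proto in ("tcp", "udp")
        if not any(p == proto and lo <= port <= hi for p, lo, hi, _ in parsed)
    )
    return uncovered, [(p, lo, hi) for p, lo, hi, src in parsed if not src]
```

A non-empty first list means a pinned daemon port has drifted outside the firewall rules; a non-empty second list means those ports are reachable from any source the host can be reached from.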