web/html/docs/security-guide/f10/en_US sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html, NONE, 1.1

[Eric Christensen]

Author: sparks

Update of /cvs/fedora/web/html/docs/security-guide/f10/en_US
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv6464/en_US

Added Files:
	sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html 
Log Message:
Updates from validation.



--- NEW FILE sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration.html ---
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>2.2.4.4. NFS Firewall Configuration</title><link rel="stylesheet" href="./Common_Content/css/default.css" type="text/css"/><meta name="generator" content="publican"/><meta name="package" content="fedora-security-guide-11-en-US-1.0-12"/><link rel="home" href="index.html" title="security-guide"/><link rel="up" href="sect-Security_Guide-Server_Security-Securing_NFS.html" title="2.2.4. Securing NFS"/><link rel="prev" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html" title="2.2.4.3. Do Not Use the no_root_squash Option"/><link rel="next" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html" title="2.2.5. Securing the Apache HTTP Server"/></head><body class="draft "><p id="title"><a class="left" href="http://www.fedoraproject.org"><img src="Common_Content/images/image_left.png" alt="Product Site"/></a><a class="right" href="http://docs.fedoraproject.org"><img src="C
 ommon_Content/images/image_right.png" alt="Documentation Site"/></a></p><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Prev</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Next</strong></a></li></ul><div class="section" lang="en-US"><div class="titlepage"><div><div><h4 class="title" id="sect-Security_Guide-Securing_NFS-NFS_Firewall_Configuration">2.2.4.4. NFS Firewall Configuration</h4></div></div></div><div class="para">
				The ports used for NFS are assigned dynamically by rpcbind, which can cause problems when creating firewall rules. To simplify this process, use the <span class="emphasis"><em>/etc/sysconfig/nfs</em></span> file to specify which ports are to be used:
			</div><div class="itemizedlist"><ul><li><div class="para">
						<code class="command">MOUNTD_PORT</code> — TCP and UDP port for mountd (rpc.mountd)
					</div></li><li><div class="para">
						<code class="command">STATD_PORT</code> — TCP and UDP port for status (rpc.statd)
					</div></li><li><div class="para">
						<code class="command">LOCKD_TCPPORT</code> — TCP port for nlockmgr (rpc.lockd)
					</div></li><li><div class="para">
						<code class="command">LOCKD_UDPPORT</code> — UDP port nlockmgr (rpc.lockd)
					</div></li></ul></div><div class="para">
				Port numbers specified must not be used by any other service. Configure your firewall to allow the port numbers specified, as well as TCP and UDP port 2049 (NFS).
			</div><div class="para">
				Run the <code class="command">rpcinfo -p</code> command on the NFS server to see which ports and RPC programs are being used.
			</div></div><ul class="docnav"><li class="previous"><a accesskey="p" href="sect-Security_Guide-Securing_NFS-Do_Not_Use_the_no_root_squash_Option.html"><strong>Prev</strong>2.2.4.3. Do Not Use the no_root_squash Option</a></li><li class="up"><a accesskey="u" href="#"><strong>Up</strong></a></li><li class="home"><a accesskey="h" href="index.html"><strong>Home</strong></a></li><li class="next"><a accesskey="n" href="sect-Security_Guide-Server_Security-Securing_the_Apache_HTTP_Server.html"><strong>Next</strong>2.2.5. Securing the Apache HTTP Server</a></li></ul></body></html>