NFS with firewall

Stuart Lowe stulowe at sympatico.ca
Sat May 8 14:10:28 UTC 2004


This clarifies everything... much appreciated.

Regards,

Stu.

On Sat, 2004-05-08 at 09:50, Luciano Miguel Ferreira Rocha wrote:
> On Sat, May 08, 2004 at 09:07:37AM -0400, Stuart Lowe wrote:
> > So rpcinfo will not show ports that are specified for outgoing requests,
> > then?
> 
> No, portmap registers ports for servicing by clients, not ones that the
> services will use by themselves.
> 
> > If no ports are specified at all, then in the case of statd, it looks
> > like two different ports are being assigned (by portmapper I assume) to
> > listen for requests - one for tcp and one for udp.   Is this a correct
> > statement?
> 
> Yes. An RPC call may use any one of those IP protocols, and a different
> port may be assigned for each. Not usually done, though.
> 
> > I was just looking for a way to confirm my setting of STATD_PORT and
> > STATD_OUTGOING_PORT and got all bothered when I couldn't see
> > STATD_OUTGOING_PORT with rpcinfo.  If I'm setting up a firewall that is
> > only dealing with incoming, then maybe I shouldn't be worried about
> > setting STATD_OUTGOING_PORT eh?
> 
> I'm not that familiar with statd, but I assume STATD_OUTGOING_PORT would
> only be used when the daemon needs to make requests of its own (and not
> the replies). The manual page isn't that clear on this one.
> 
> Don't worry about that setting, but if you do, just make iptables spew a
> few denied packets to the log file, start the services, see if it works,
> and after some time check the log for denied statd outgoing requests.
> 
> Regards,
> Luciano Rocha
> -- 
> Consciousness: that annoying time between naps.
> 
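
The check suggested in the thread (confirm the registered statd ports with rpcinfo, then look in the iptables log for denied outgoing statd packets), as an added example that is not part of the original messages. The ports 4000 and 4001, the "DENIED: " log prefix, the addresses and both sample inputs are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output, assuming STATD_PORT=4000.
RPCINFO_SAMPLE='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   4000  status
    100024    1   tcp   4000  status
    100003    3   udp   2049  nfs'

# Constructed kernel log lines, as written by an iptables LOG rule such as
#   iptables -A OUTPUT -j LOG --log-prefix "DENIED: "
# placed before the final drop. Assumes STATD_OUTGOING_PORT=4001.
LOG_SAMPLE='May  8 10:01:02 host kernel: DENIED: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.20 LEN=84 TTL=64 PROTO=UDP SPT=4001 DPT=111 LEN=64
May  8 10:01:05 host kernel: DENIED: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.10 LEN=60 TTL=64 PROTO=TCP SPT=51000 DPT=4000
May  8 10:01:09 host kernel: DENIED: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.20 LEN=84 TTL=64 PROTO=UDP SPT=800 DPT=2049 LEN=64'

# registered_ports SERVICE
# Reads `rpcinfo -p` output on stdin and prints proto/port for SERVICE.
# Only listening ports appear here; an outgoing source port never will.
registered_ports() {
    awk -v svc="$1" 'NR > 1 && $5 == svc { print $3 "/" $4 }' | sort -u
}

# denied_outgoing PORT
# Reads kernel log lines on stdin and prints "proto dst:dport" for each
# denied packet that was leaving the host (OUT= set) with source port PORT.
denied_outgoing() {
    awk -v port="$1" '
        /DENIED: / {
            out = ""; spt = ""; dpt = ""; dst = ""; proto = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^OUT=/)   out   = substr($i, 5)
                if ($i ~ /^DST=/)   dst   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^SPT=/)   spt   = substr($i, 5)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (out != "" && spt == port)
                print tolower(proto) " " dst ":" dpt
        }'
}

# On a live host: rpcinfo -p | registered_ports status
printf '%s\n' "$RPCINFO_SAMPLE" | registered_ports status
printf '%s\n' "$LOG_SAMPLE" | denied_outgoing 4001
```

Any line printed by the second command is an outgoing statd request the firewall dropped, which means the outgoing port needs its own rule.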




