NFS and denying access to subnets
Mike McGrath
mmcgrath at iesabroad.org
Fri Sep 30 04:09:36 UTC 2005
> -----Original Message-----
> From: fedora-list-bounces at redhat.com
> [mailto:fedora-list-bounces at redhat.com] On Behalf Of Neil Marjoram
> Sent: Thursday, September 29, 2005 9:31 AM
> To: fedora-list at redhat.com
> Subject: NFS and denying access to subnets
>
> OK I've been trying for ages now but I just can't seem to get
> this into my head.
>
> I have 8 subnets on my network 10.1.1.0 mask is
> 255.255.255.224 or /27, I would like all but one of these
> subnets to be able to mount from my NFS server. So I thought
> I'd add the relevant lines into /etc/hosts.allow and /etc/hosts.deny;
>
> It's long, so I've shortened it.
> /etc/host.allow
> portmap:10.1.1.0/255.255.255.224
> lockd:10.1.1.0/255.255.255.224
> mountd:10.1.1.0/255.255.255.224
> rquoted:10.1.1.0/255.255.255.224
> statd:10.1.1.0/255.255.255.224
> portmap:10.1.1.32/255.255.255.224
> lockd:10.1.1.32/255.255.255.224
> mountd:10.1.1.32/255.255.255.224
> rquoted:10.1.1.32/255.255.255.224
> statd:10.1.1.32/255.255.255.224
>
> And all the other 5 networks.
>
> And in the /etc/hosts.deny
>
> portmap:10.1.1.160/255.255.255.224
> lockd:10.1.1.160/255.255.255.224
> mountd:10.1.1.160/255.255.255.224
> rquoted:10.1.1.160/255.255.255.224
> statd:10.1.1.160/255.255.255.224
>
> I have restarted NFS and Portmap, but alas those systems on
> the 160 network can still mount and see nfs mounts.
>
> Am I barking up the wrong tree and is there an easier way to
> accomplish this ?
>
> Many thanks
>
> Neil.
>
What's your /etc/exports look like? I think you can do the following:
/home 10.1.1.32/255.255.255.224(rw)
/home 10.1.1.160/255.255.255.224(noaccess)
-Mike
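
Added example (not part of either message): a small Python model of the hosts_access(5) decision order, run against a constructed subset of the rules quoted in the thread. The rule subset, the sample client addresses and the function names are assumptions made for illustration; the five elided subnets are not filled in.

```python
import ipaddress

# Constructed from the rules quoted in the thread (only the two allow
# subnets that were shown; the other five were elided and are not guessed).
HOSTS_ALLOW = """\
portmap:10.1.1.0/255.255.255.224
mountd:10.1.1.0/255.255.255.224
portmap:10.1.1.32/255.255.255.224
mountd:10.1.1.32/255.255.255.224
"""
HOSTS_DENY = """\
portmap:10.1.1.160/255.255.255.224
mountd:10.1.1.160/255.255.255.224
"""

def parse(text):
    """Return [(daemon, net_int, mask_int)] for 'daemon:net/mask' lines."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemon, pattern = (p.strip() for p in line.split(":", 1))
        net, mask = pattern.split("/", 1)
        rules.append((daemon, int(ipaddress.IPv4Address(net)),
                      int(ipaddress.IPv4Address(mask))))
    return rules

def matches(rules, daemon, client):
    """hosts_access(5) net/mask test: (client AND mask) == net."""
    addr = int(ipaddress.IPv4Address(client))
    return any(d == daemon and (addr & mask) == net for d, net, mask in rules)

def decide(daemon, client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Allow file first, then deny file, otherwise access is granted."""
    if matches(parse(allow), daemon, client):
        return "allow (hosts.allow)"
    if matches(parse(deny), daemon, client):
        return "deny (hosts.deny)"
    return "allow (no rule matched)"

if __name__ == "__main__":
    # Constructed sample clients, one per interesting case.
    for daemon, client in [("mountd", "10.1.1.40"), ("mountd", "10.1.1.161"),
                           ("mountd", "10.1.1.200"), ("statd", "10.1.1.161")]:
        print(f"{daemon:8} {client:12} -> {decide(daemon, client)}")
```

The last two cases show the fall-through: a client or daemon name that matches no line in either file is granted access, so a deny rule only takes effect for daemon names that are actually spelled out in hosts.deny.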