iptable in fc5

Jay Cliburn jacliburn at bellsouth.net
Mon May 15 21:14:46 UTC 2006


On Mon, 2006-05-15 at 14:27 -0500, Hongwei Li wrote:
> Hi,
> 
> I have a question about iptables in fc5. I have iptables 1.3.5-1.2 installed.
> By default, the iptables has a line
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> ... and
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> 
> I try to add the port 2049 for our lan nfs by adding aline before the above
> reject line:
> 

You're also going to need to unblock ports for portmapper, mountd,
rquotad, and (maybe) rstatd and nfslockd.  I don't use the last two on
my home systems.

Create a file on the server at /etc/sysconfig/nfs that will bind mountd
and rquotad to fixed ports (I use 922 and 923, but you don't have to).

[root at petrel ~]# cat /etc/sysconfig/nfs
export MOUNTD_PORT=922
export RQUOTAD_PORT=923

Then, in /etc/sysconfig/iptables, add the following rules (change the -s
address as appropriate, or remove it altogether):
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 922 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp --dport 922 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 923 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp --dport 923 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -m tcp -p
tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT






More information about the fedora-list mailing list