Firewall problems with NFS
Dr. Michael J. Chudobiak
mjc at avtechpulse.com
Thu Nov 15 12:46:37 UTC 2007
Bill Davidsen wrote:
> I have a firewall problem with running an NFS server on FC6 or FC8, due
> to the GUI configuration interface not opening the firewall when I check
> the NFS protocol support. It seems to only allow use as an NFS client,
> since that worked fine when I tested it.
>
> I can put the needed rules in the "RH-Firewall-1-INPUT" chain, but
> mixing GUI administration and manual administration is undesirable to
> prevent unexpected behavior, conflicts, etc, in the future. Is there
> really no way to open the ports for NFS server other than by hand?
Opening NFS servers is tricky - the default GUI is too simple to do it well.
You'll probably need to:
1) Learn about port "pinning" for NFS (so it always uses the same ports).
2) Use a fancier GUI, like firestarter (http://www.fs-security.com/), to
control your firewall.
NFS is insecure anyways, so you'll want to have another firewall outside
the client network also. Do not expose the NFS server to public access.
- Mike
More information about the fedora-list
mailing list