What linux lacks most - a decent remote fs

John Summerfield debian at herakles.homelinux.org
Wed Mar 26 15:12:12 UTC 2008 

Chris G wrote:
> On Wed, Mar 26, 2008 at 11:44:58PM +0900, John Summerfield wrote:
>> Tim wrote:
>>> On Wed, 2008-03-26 at 09:53 -0400, Tom Horsley wrote:
>>>> can't believe how widely used NFS is, because it is the source of
>>>> endless problems for me. I've never seen it work with any kind of
>>>> reliability at all. One thing I'll say for samba is that the data
>>>> actually seems to show up correctly on the other side :-). 
>>> I've had the opposite.  Samba stalling and transferring at a rate slower
>>> than I can retype a file.  Samba never managing to connect to the other
>>> side.  The hassles of manually setting up each user.  The hassles of
>>> file permissions and ownership getting screwed up in transit.  Compared
>>> to NFS working without pain.
>>>
>>> Though, I have to say that my painless NFS server is on a FC4 machine,
>>> and that works fine.  I've found I've had to manually mess with
>>> firewalling to get it to work through anything higher than FC4.
>>>
>> I'm surprised you don't need to with FC4. It's actually fairly simple.
>> [root at mail.js.id.au sysconfig]# cat nfs
>> LOCKD_TCPPORT=32768
>> LOCKD_UDPPORT=32788
>> RQUOTAD_PORT=621
>> MOUNTD_PORT=640
>>
> Surely a far easier approach to the firewall issues is to remove the
> firewall completely to the interface between your LAN and the outside
> world.  I just turn the firewall off on all the systems on my LAN and
> the router firewall is set up to give me the security I want.  It
> simplifies maintenance too because there is only one firewall to set
> up and systems behind the firewall can be as lax as they like and be
> re-installed frequently without problems.

I have several subnets at school (students, staff) and at home 
(different physical locations). Traffic between subnets is filtered.


My firewalls filter traffic both ways. Should you actually manage to 
install malware inside my LAN, it might be able to do spam _if_ it can 
contact an IRC bot, but it probably can't do that, and certainly 
portscanning the world will be difficult.

If you run a web server or a whois server on a non-standard port, the 
odds are good I won't visit your server.




> 


-- 

Cheers
John

-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

More information about the fedora-list mailing list