[K12OSN] NFS thru firewall on FC2.

"Terrell Prudé, Jr." microman at cmosnetworks.com
Tue Sep 21 23:19:45 UTC 2004


Hmm...one of the problems is that NFS can pick any port above UDP 2049.  
You use UDP 111 to head over to the portmapper service, yes, but then 
portmapper takes over and maps the specific service (in this case, NFS) 
over to some random UDP port per the above.

Fortunately, the port actually chosen by the portmapper for most NFS 
daemons is UDP 2049.  Therefore, you could probably get away with 
opening UDP 2049 and UDP 111 on the firewall.  If that doesn't work, 
then try also opening TCP 2049 and TCP 111, since NFS these days can use 
TCP as well.

Yes, I'm dyin' of curiosity:  how come you need to do this?  Not passing 
judgment; you've simply got me wonderin'....

--TP

>Terrell :
> 
>Normally I would never do this either, but it is a temporary setup.
>The box will be re-imaged after and eth0 will be trusted,
>so I don't really care if it gets hacked or not.
> 
>Pete
>
>	-----Original Message----- 
>	From: "Terrell Prudé, Jr." [mailto:microman at cmosnetworks.com] 
>	Sent: Mon 9/20/2004 5:27 PM 
>	To: Support list for opensource software in schools. 
>	Cc: 
>	Subject: Re: [K12OSN] NFS thru firewall on FC2.
>	
>	
>
>	Hello Peter,
>	
>	Personally, I would never, *ever* run NFS in a situation in which the
>	network wasn't trusted.  That's why we don't do it across the Internet
>	(same with SMB filesharing, BTW).  The only things that I trust at this
>	point for transferring "privileged" data across an untrusted network are
>	encrypted transmissions, such as SSH, IPSec, and SSL-encrypted tunnels.
>	
>	Can you tell us why you need to have eth0 as untrusted?  If we know your
>	requirements, we might be able to help you out better.
>	
>	Thanks,
>	
>	--TP
>	
>	Peter Van den Wildenbergh wrote:
>	
>	>Hi Gang :
>	>
>	>Does somebody know how to get NFS going thru a firewall?
>	>My diskless clients boot unless I impose my firewall rules on eth0 (the card that is connected to the clients)
>	>Due to a particular set-up I would like to set eth0 as 'untrusted'
>	>
>	>I found this how-to but it is out-of-date (RH7/8)
>	>http://www.lowth.com/LinWiz/nfs_help.html
>	>
>	>Can anybody give advice on this?
>	>
>	>Thanks in advance
>	>
>	>Peter
>
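
Added example (not written by anyone in this thread): the portmapper lookup discussed above can be inspected with `rpcinfo -p`, and the script below turns that listing into iptables ACCEPT rules for the NFS-related RPC services. The sample listing is constructed, the `nfs_fw_rules` helper name is hypothetical, and `eth0` is the client-facing interface from the original question.

```shell
#!/bin/sh
# Added example: derive firewall rules from what the portmapper has registered.
# The service names matched are those an NFSv2/v3 server registers.

# Constructed sample of `rpcinfo -p` output; the mountd, nlockmgr and status
# ports are made-up values standing in for dynamically assigned ones.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32768  nlockmgr
    100005    1   udp    799  mountd
    100005    1   tcp    802  mountd
    100024    1   udp  32767  status
    391002    2   tcp  32769  sgi_fam
EOF
}

# nfs_fw_rules IFACE: read `rpcinfo -p` text on stdin and print one rule per
# unique proto/port pair that belongs to an NFS-related RPC service.
nfs_fw_rules() {
    iface=$1
    awk -v iface="$iface" '
        $1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ &&
        ($3 == "tcp" || $3 == "udp") &&
        $5 ~ /^(portmapper|rpcbind|nfs|mountd|nlockmgr|status)$/ {
            key = $3 "/" $4
            if (!(key in seen)) {          # several versions share one port
                seen[key] = 1
                printf "iptables -A INPUT -i %s -p %s --dport %s -j ACCEPT  # %s\n",
                       iface, $3, $4, $5
            }
        }'
}

# Print the rules for review; nothing is applied to the running firewall.
sample_rpcinfo | nfs_fw_rules eth0
```

On a live server, replace `sample_rpcinfo` with `rpcinfo -p` and review the printed rules before loading them.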




