[K12OSN] nfs mount /home and firewall/SELinux

Peter Scheie peter at scheie.homedns.org
Thu Mar 29 14:58:50 UTC 2007


Note that you can set your firewall blocking rules to only apply to eth1 which is the 
public-facing NIC.  eth0, which is used to connect to the client machines, is usually on 
a private network, so there's little need for any firewall blocking on that interface. 
As Terrell said, most of us don't use any blocking rules on eth0.

Petre

Terrell Prudé Jr. wrote:
> That's a bit of a challenge, because of the way NFS works.  There's an 
> RPC connection on (I believe TCP) port 111, the sunrpc port.  Then, from 
> there, the client and server can negotiate any UDP port above 2048 for 
> NFS.  Now, in practice that usually turns out to be UDP port 2049, but 
> it does not have to be, and I've seen other UDP ports used. 
> 
> That's what makes NFS a challenge to firewall.  It's also one reason (no 
> encryption is another) why you should never run NFS on a network that 
> you don't trust, i.e. across the Internet.  It's like SMB/CIFS in this 
> way.  The real issue here isn't firewalling; it's sniffing.  Most of us 
> don't use either SELinux or the built-in firewall on the LTSP servers 
> themselves.  Any particular reason you need to do this?
> 
> --TP
> _______________________________
> Do you GNU!?
> Microsoft Free since 2003 <http://www.gnu.org/>--the ultimate antivirus 
> protection!
> 
> 
> Mikko Jordman wrote:
>> Hello everybody!
>> I have now 4 old servers ready to serve our school. I'm trying to get nfs mount
>> /home working. I had no success until I turned firewall and SELinux off.
>>
>> Could somebody tell me how should I configure those to have them on and nfs
>> mounting working?
>>
>> Greets,
>> Mikko from Finland
>>
>> _______________________________________________
>> K12OSN mailing list
>> K12OSN at redhat.com
>> https://www.redhat.com/mailman/listinfo/k12osn
>> For more info see <http://www.k12os.org>
>>   
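
The per-interface split described at the top of this message, as an added example that is not part of the original thread. It assumes eth0 is the private client-facing NIC and eth1 the public one, as in the post; the default-drop INPUT policy and the `ltsp_ruleset` function name are assumptions of this sketch. The script only prints an `iptables-restore` ruleset and applies nothing.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that leaves the private
# interface unfiltered (so portmapper on 111 and whatever port NFS
# negotiates keep working for clients) and filters only the public one.

ltsp_ruleset() {
    priv_if=$1   # trusted, client-facing interface (eth0 in the post)
    pub_if=$2    # public-facing interface (eth1 in the post)

    # Refuse empty or odd names so nothing unexpected lands in the ruleset.
    for ifname in "$priv_if" "$pub_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*)
                echo "invalid interface name: '$ifname'" >&2
                return 1 ;;
        esac
    done

    # If both arguments name the same NIC, the accept-all rule below would
    # open the public side completely, so treat that as an error.
    if [ "$priv_if" = "$pub_if" ]; then
        echo "private and public interface must differ" >&2
        return 1
    fi

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Private side: no blocking, NFS and RPC reach the server on any port.
-A INPUT -i $priv_if -j ACCEPT
# Public side: only replies to connections the server itself opened.
-A INPUT -i $pub_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Services deliberately published on $pub_if would be accepted here.
COMMIT
EOF
}

# Print the ruleset for the interface names used in the post.
# To syntax-check without loading: ltsp_ruleset eth0 eth1 | iptables-restore --test
ltsp_ruleset "${1:-eth0}" "${2:-eth1}"
```
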



