[K12OSN] nfs mount /home and firewall/SELinux
Mikko Jordman
mikko.jordman at edu.vantaa.fi
Thu Mar 29 15:54:19 UTC 2007
Well, the /home mounting is done via eth1, because the servers are each on a
separate subnet. Would it be a better solution to have all the servers in the same
subnet, with all having a certain IP range for DHCP and/or fixed IPs for the
clients?
Or should I put a separate firewall between the servers and the internet?
I'm trying to find a solution that would be easy and make it possible to have
more cheap server power.
Until now I have had one 2*1GHz, 2Gb server for our school and now I'm trying to
have 4 quite similar servers together, either on one subnet or on four separate
subnets.
Greets mikkoj
Quoting Peter Scheie <peter at scheie.homedns.org>:
> Note that you can set your firewall blocking rules to only apply to
> eth1 which is the public-facing NIC. eth0, which is used to connect
> to the client machines, is usually on a private network, so there's
> little need for any firewall blocking on that interface. As Terrell
> said, most of us don't use any blocking rules on eth0.
>
> Petre
>
> Terrell Prudé Jr. wrote:
>> That's a bit of a challenge, because of the way NFS works. There's
>> an RPC connection on (I believe TCP) port 111, the sunrpc port.
>> Then, from there, the client and server can negotiate any UDP port
>> above 2048 for NFS. Now, in practice that usually turns out to be
>> UDP port 2049, but it does not have to be, and I've seen other UDP
>> ports used. That's what makes NFS a challenge to firewall. It's
>> also one reason (no encryption is another) why you should never run
>> NFS on a network that you don't trust, i.e. across the Internet.
>> It's like SMB/CIFS in this way. The real issue here isn't
>> firewalling; it's sniffing. Most of us don't use either SELinux or
>> the built-in firewall on the LTSP servers themselves. Any
>> particular reason you need to do this?
>>
>> --TP
>> _______________________________
>> Do you GNU!?
>> Microsoft Free since 2003 <http://www.gnu.org/>--the ultimate
>> antivirus protection!
>>
>>
>> Mikko Jordman wrote:
>>> Hello everybody!
>>> I now have 4 old servers ready to serve our school. I'm trying to
>>> get the NFS mount of /home working. I had no success until I turned
>>> the firewall and SELinux off.
>>>
>>> Could somebody tell me how I should configure those to have them on
>>> and NFS mounting working?
>>>
>>> Greets,
>>> Mikko from Finland
>>>
>>> _______________________________________________
>>> K12OSN mailing list
>>> K12OSN at redhat.com
>>> https://www.redhat.com/mailman/listinfo/k12osn
>>> For more info see <http://www.k12os.org>
>>>
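
The port negotiation described in the thread can be made visible on the server with `rpcinfo -p`, which lists every port the RPC services have registered with the portmapper. As an added example (not part of the original thread), the function below turns that listing into iptables rules that admit only those ports, on one interface, from one client subnet. The sample listing, the `192.168.10.0/24` subnet and the function names are constructed; `eth1` is the interface the poster says carries the /home mount.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` output into iptables ACCEPT rules.
# The subnet and the sample listing are constructed values.

# Constructed sample of `rpcinfo -p` as run on an NFS server.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    3   udp    892  mountd
    100021    4   udp  32771  nlockmgr
    100024    1   udp  32768  status
EOF
}

# nfs_rules IFACE CLIENT_NET [CHAIN]: reads `rpcinfo -p` text on stdin and
# prints one ACCEPT rule per registered proto/port pair. The rules are
# printed, not applied, so they can be reviewed first. -I inserts at the
# head of CHAIN, ahead of whatever drop/reject rule the chain ends with.
nfs_rules() {
    awk -v ifc="$1" -v net="$2" -v chain="${3:-INPUT}" '
        $3 == "tcp" || $3 == "udp" {       # data rows only; skips header
            port = $4 + 0
            if (port < 1 || port > 65535) next
            if (seen[$3 "/" port]++) next   # several versions share a port
            printf "iptables -I %s -i %s -s %s -p %s --dport %d -j ACCEPT  # %s\n",
                   chain, ifc, net, $3, port, $5
        }'
}

# On a live server: rpcinfo -p | nfs_rules eth1 192.168.10.0/24
sample_rpcinfo | nfs_rules eth1 192.168.10.0/24
```

The ports registered for mountd, nlockmgr and status are assigned when those services start and can differ after a restart, so the rules have to be regenerated from a fresh `rpcinfo -p` listing whenever the NFS services are restarted.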