[K12OSN] nfs mount /home and firewall/SELinux
mikko.jordman at edu.vantaa.fi
Thu Mar 29 15:54:19 UTC 2007
Well, the /home mounting is done via eth1, because the servers are on
subnet each. Would it be a better solution to have all the servers in same
subnet, with all having certain ip-range for DHCP an/or fixed ip:s for the
Or should I put a separate firewall between the servers and internet?
I'm trying to find a solution that would be easy and make it possible to have
more cheap server-power.
Until now I have had one 2*1GHz, 2Gb server for our school and now I'm
have 4 quite similar servers together either on one subnet or four separate
Lainaus Peter Scheie <peter at scheie.homedns.org>:
> Note that you can set your firewall blocking rules to only apply to
> eth1 which is the public-facing NIC. eth0, which is used to connect
> to the client machines, is usually on a private network, so there's
> little need for any firewall blocking on that interface. As Terrell
> said, most of us don't use any blocking rules on eth0.
> Terrell Prudé Jr. wrote:
>> That's a bit of a challenge, because of the way NFS works. There's
>> a RPC connection on (I believe TCP) port 111, the sunrpc port.
>> Then, from there, the client and server can negotiate any UDP port
>> above 2048 for NFS. Now, in practice that usually turns out to be
>> UDP port 2049, but it does not have to be, and I've seen other UDP
>> ports used. That's what makes NFS a challenge to firewall. It's
>> also one reason (no encryption is another) why you should never run
>> NFS on a network that you don't trust, i. e. across the Internet.
>> It's like SMB/CIFS in this way. The real issue here isn't
>> firewalling; it's sniffing. Most of us don't use either SELinux or
>> the built-in firewall on the LTSP servers themselves. Any
>> particular reason you need to do this?
>> Do you GNU!?
>> Microsoft Free since 2003 <http://www.gnu.org/>--the ultimate
>> antivirus protection!
>> Mikko Jordman wrote:
>>> Hello everybody!
>>> I have now 4 old servers ready to serve our school. I'm trying to
>>> get nfs mount
>>> /home working. I had no success until I turned firewall and SELinux off.
>>> Could somebody tell me how should I configure those to have them on and nfs
>>> mounting working?
>>> Mikko from Finland
>>> K12OSN mailing list
>>> K12OSN at redhat.com
>>> For more info see <http://www.k12os.org>
>> K12OSN mailing list
>> K12OSN at redhat.com
>> For more info see <http://www.k12os.org>
> K12OSN mailing list
> K12OSN at redhat.com
> For more info see <http://www.k12os.org>
More information about the K12OSN