[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] nfs mount /home and firewall/SELinux



Well, the /home mounting is done via eth1, because the servers are on separate
subnet each. Would it be a better solution to have all the servers in same
subnet, with all having certain ip-range for DHCP an/or fixed ip:s for the
clients?
Or should I put a separate firewall between the servers and internet?
I'm trying to find a solution that would be easy and make it possible to have
more cheap server-power.

Until now I have had one 2*1GHz, 2Gb server for our school and now I'm trying to
have 4 quite similar servers together either on one subnet or four separate
subnets.

Greets mikkoj


Lainaus Peter Scheie <peter scheie homedns org>:

Note that you can set your firewall blocking rules to only apply to eth1 which is the public-facing NIC. eth0, which is used to connect to the client machines, is usually on a private network, so there's little need for any firewall blocking on that interface. As Terrell said, most of us don't use any blocking rules on eth0.

Petre

Terrell Prudé Jr. wrote:
That's a bit of a challenge, because of the way NFS works. There's a RPC connection on (I believe TCP) port 111, the sunrpc port. Then, from there, the client and server can negotiate any UDP port above 2048 for NFS. Now, in practice that usually turns out to be UDP port 2049, but it does not have to be, and I've seen other UDP ports used. That's what makes NFS a challenge to firewall. It's also one reason (no encryption is another) why you should never run NFS on a network that you don't trust, i. e. across the Internet. It's like SMB/CIFS in this way. The real issue here isn't firewalling; it's sniffing. Most of us don't use either SELinux or the built-in firewall on the LTSP servers themselves. Any particular reason you need to do this?

--TP
_______________________________
Do you GNU!?
Microsoft Free since 2003 <http://www.gnu.org/>--the ultimate antivirus protection!


Mikko Jordman wrote:
Hello everybody!
I have now 4 old servers ready to serve our school. I'm trying to get nfs mount
/home working. I had no success until I turned firewall and SELinux off.

Could somebody tell me how should I configure those to have them on and nfs
mounting working?

Greets,
Mikko from Finland

_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>


------------------------------------------------------------------------

_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>

_______________________________________________
K12OSN mailing list
K12OSN redhat com
https://www.redhat.com/mailman/listinfo/k12osn
For more info see <http://www.k12os.org>






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]