[rhelv6-list] NFS and iptables

thomas at redhat.com thomas at redhat.com
Thu Mar 1 16:48:39 UTC 2012


On 03/01/2012 10:39 AM, "Weiergräber, Oliver H." wrote:
> Hello,
> 
> I am currently working through setting up NFS with RHEL 6, trying
> to arrange with iptables (and SELinux) which, admittedly, I used to
> disable in the past.

I am really glad to hear that you're using SELinux; this is great news.

You probably want to take a peek at, e.g.
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS.html
and
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html


> Am I right thinking that when using NFS4, the one and only thing to
> do is open port 2049 in iptables?

Take a look at
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NFS.html.

> Red Hat documentation is somewhat unclear with respect to port
> requirements: In all examples they recommend to fix and open
> several ports assigned by rpcbind, but nfs4 is said to not require
> rpcbind at all!

I don't know, there's a whole chapter on it at
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-nfs.html

Specifically
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s2-nfs-nfs-firewall-config.html
talks about doing what you want.

Hope this is helpful!
-- 
Thomas Cameron, RHCA, RHCSS, RHCDS, RHCVA, RHCX
Chief Architect, Canada and Central US
512-241-0774 office / 512-585-5631 cell
http://people.redhat.com/tcameron/
IRC: choirboy / AIM: rhelguy / Yahoo: rhce_guy /Google+
http://ongpl.us/tdc



