LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-21-2004, 01:14 AM   #1
niverson
Member
 
Registered: Jun 2003
Location: Colorado
Distribution: Fedora Core 4
Posts: 128

Rep: Reputation: 15
client-side firewall setup that works with NFS


Does anyone know how to set up a firewall on a host system that allows NFS shares to mount? I have set up my NFS server with a firewall -- there a several site that have instruction for this. Every attempt I have made to setup the client-side firewall has caused the NFS shares to disappear until I disable the client side firewall, then they reappear. I have not been able to find a site the details the steps to setup the client-side firewall with NFS access. I'm trying to harden my home lan as much as possible and still use NFS.

thanks,
Nate
 
Old 02-21-2004, 11:14 AM   #2
spurious
Member
 
Registered: Apr 2003
Location: Vancouver, BC
Distribution: Slackware, Ubuntu
Posts: 558

Rep: Reputation: 31
Are your NFS server and client boxes on a LAN, or are you trying to serve your NFS over the internet? (the latter is apparently highly discouraged as NFS is not secure).

You should post your client firewall/iptables script.
 
Old 02-21-2004, 11:20 AM   #3
niverson
Member
 
Registered: Jun 2003
Location: Colorado
Distribution: Fedora Core 4
Posts: 128

Original Poster
Rep: Reputation: 15
The server and client are on my home LAN behind a linksys BEFSR41 gateway/router. Basically, my print server is firewalled. My NFS server is firewalled. My everyday-use system is not firewalled becuase of the NFS shares issue. I'm trying to build up my rings of security.

Thanks for the question,
Nate
 
Old 02-21-2004, 11:23 AM   #4
niverson
Member
 
Registered: Jun 2003
Location: Colorado
Distribution: Fedora Core 4
Posts: 128

Original Poster
Rep: Reputation: 15
Oops forgot to respond to the iptables question. My client has no firewall set up. So there is no iptables. I need to know how to set the required NFS ports to static port numbers, so I can then open those port numbers in the firewall.

Nate
 
Old 02-21-2004, 04:25 PM   #5
spurious
Member
 
Registered: Apr 2003
Location: Vancouver, BC
Distribution: Slackware, Ubuntu
Posts: 558

Rep: Reputation: 31
Okay, did a google for "port number nfs", and found this link that seems useful:

HOWTO: Configuring NFS under Linux for Firewall control This link has some information on opening ports for NFS.

That site also hosts LinWiz, which is apparently an online iptables script-creation tool. I didn't try it, although you might want to. I briefly looked at it, and the Server configuration has options for NFS.

An alternative approach, although probably not too secure, would be to allow the workstation to accept all traffic from your server. I've never had to do this, but after consulting an iptables tutorial and the iptables manpage, you could try the following rule in your workstation's firewall script:

iptables -A INPUT -t filter -s $MYSERVER -j ACCEPT

where $MYSERVER is a variable assigned with either the hostname of your server or its IP address.

Last edited by spurious; 02-21-2004 at 04:43 PM.
 
Old 02-21-2004, 11:13 PM   #6
niverson
Member
 
Registered: Jun 2003
Location: Colorado
Distribution: Fedora Core 4
Posts: 128

Original Poster
Rep: Reputation: 15
That is the website I used to set up the server-side firewall rules. I have already tried this on the client and my NFS shares disappear.

Thanks for the repsonse,
Nate
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
client side NFS files? bobbens Linux - Networking 3 11-01-2004 02:52 AM
NFS - group permision problems on client side top001 Linux - Networking 1 02-12-2004 02:08 PM
help with client side NFS-firewall setup and server side NIS-firewall setup niverson Linux - Networking 3 02-02-2004 08:52 AM
Client side firewall setup for NFS niverson Linux - Networking 0 12-31-2003 02:00 PM
NFS: Empty directories on Client side mjgeiger Linux - Networking 8 12-04-2002 03:02 PM


All times are GMT -5. The time now is 09:33 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration