Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
Nmapping localhost is usually not a good way to get an idea of what ports are open when troubleshooting networking/firewall problems. Try nmapping from the remote machine instead. Often firewalls will allow local traffic (traffic that the system is sending to itself) but will handle remote traffic more strictly.
1. Should already be enabled. The fact that you can run iptables -L indicates that it's enabled and running.
2. As long as you are running a stock 2.4 (or newer) series kernel it should have it enabled. If you've compiled your own kernel, then you'd need to make sure that the netfilter options are selected during the kernel config step.
3. As far as I'm aware, Slack keeps its iptables script in /etc/rc.d/rc.firewall
I tried nmapping from the remote machine. At first I got the response that the host was down. It suggested I try -P0. I did this and got this response:
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
111/tcp open rpcbind
2049/tcp closed nfs
I copied an rc.firewall from a tutorial and modified it. Here is what my rc.firewall looks like:
#!/bin/sh
# rc.firewall for
# Basic Slackware Security
# These two rules set the default policies, i.e. what to do if a
# packet doesn't match any other rule, to drop any packet coming
# into (INPUT) or routing through (FORWARD) the box.
iptables -P INPUT DROP
iptables -P FORWARD DROP
# These rules are added (-A) to the INPUT chain. They allow packets
# from any previously established connections and accept anything
# from the loopback interface.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT
# This rule added to the INPUT chain accepts any ssh connections.
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
# NFS server (nfsd) on 2049, both TCP and UDP.
iptables -A INPUT -p tcp --dport 2049 -i eth0 -j ACCEPT
iptables -A INPUT -p udp --dport 2049 -i eth0 -j ACCEPT
# rpcbind/portmapper on 111 (TCP only here; clients may also use UDP).
iptables -A INPUT -p tcp --dport 111 -i eth0 -j ACCEPT
# Web server on 80.
iptables -A INPUT -p tcp --dport 80 -i eth0 -j ACCEPT
Judging from the error message and your firewall rules, it looks like the problem is due to mountd (rpc.mountd). To start, rule out all the other possibilities. Do the following as root:
iptables -P INPUT ACCEPT
then try connecting with the NFS client. If it works, then you know it's the firewall; if it doesn't work, then the problem is elsewhere. Once you are done testing, re-run your firewall script to restore your firewall.
If the problem is the firewall, then it's likely that you'll need to set mountd to run on a single pre-defined port and then open up that port as well for mountd.