I'm running CentOS 5.2.
I've enabled NFS through the system-config-securitylevel (firewall) tool, but the client machine can't mount the NFS unless I first do service iptables stop on the server.
Here's some output from the server:
Quote:
[root@localhost ~]# vi /etc/hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
ALL: 192.168.1.101
ALL: 192.168.1.102
Quote:
[root@localhost ~]# vi /etc/hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
ALL: ALL
Quote:
[root@localhost ~]# nmap -sT -O localhost
Starting Nmap 4.20 ( http://insecure.org ) at 2008-07-22 17:27 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1687 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
619/tcp open unknown
631/tcp open ipp
669/tcp open unknown
1001/tcp open unknown
2049/tcp open nfs
3306/tcp open mysql
Device type: general purpose
....etc..
I can mount the NFS just fine as long as I turn off iptables. Obviously this is a security concern so I'd like to find out what specifically I need to enable to make this work.
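
Added example, not part of the original post: the NFS helper services (mountd, statd, lockd, rquotad) register with portmap on ports that are not fixed by default, so one way to see what the firewall has to admit is to read `rpcinfo -p` on the server and turn it into per-client rules. The `rpcinfo` listing is constructed, the `INPUT` chain name and the function names are assumptions, and the client addresses are the two from the hosts.allow shown above.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output from an NFS server (not from the post).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    616  status
    100024    1   tcp    619  status
    100011    1   udp    666  rquotad
    100011    2   udp    666  rquotad
    100011    1   tcp    669  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32769  nlockmgr
    100021    1   tcp  32803  nlockmgr
    100005    1   udp    998  mountd
    100005    1   tcp   1001  mountd
EOF
}

# Read `rpcinfo -p` output on stdin; print each unique "proto port service".
rpc_ports() {
    awk '$3 == "tcp" || $3 == "udp" { print $3, $4, $5 }' | sort -u
}

# Tag each tuple: 111 (portmapper) and 2049 (nfs) are fixed; the rest are
# assigned at service start unless pinned (on CentOS 5: MOUNTD_PORT, STATD_PORT,
# LOCKD_TCPPORT, LOCKD_UDPPORT, RQUOTAD_PORT in /etc/sysconfig/nfs).
classify() {
    awk '{ print $0, (($2 == 111 || $2 == 2049) ? "fixed" : "dynamic") }'
}

# Print (do not run) one ACCEPT rule per tuple and client address given as args.
emit_rules() {
    while read -r proto port svc; do
        for client in "$@"; do
            echo "iptables -I INPUT -s $client -p $proto --dport $port -j ACCEPT  # $svc"
        done
    done
}

sample_rpcinfo | rpc_ports | classify
# Client addresses are the two listed in the post's hosts.allow.
sample_rpcinfo | rpc_ports | emit_rules 192.168.1.101 192.168.1.102
```

Rules generated for ports tagged "dynamic" stop matching after the services restart unless those ports are pinned first.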