From: "Randall J. Parr" <RParr@TemporalArts.COM>
To: Guarddog-user@lists.sourceforge.net,
netfilter@lists.netfilter.org, psyche-list@redhat.com
Subject: problem configuring for NFS between RH8 and RH6
Date: Wed, 08 Jan 2003 11:48:31 -0800
Message-ID: <3E1C808F.9030202@TemporalArts.com>
I have several RedHat 8, RedHat 7 and RedHat 6 servers.
I am using iptables on the RedHat 7 and 8 servers which I configure
using GuardDog.
I have successfully configured the firewall for, and am using, NFS RH8 <->
RH8 and RH8 <-> RH7.
In the GuardDog, under Protocol, File Transfer, enabling NFS was
sufficient to allow RH8 <-> RH8 NFS.
However, when I try to use NFS RH8 <-> RH6 the firewall is not allowing the
NFS transactions.
At first the log messages indicated RH8 -> RH6 port 111 was being
dropped. In GuardDog, enabling Protocol, Interactive, Sun RPC got past
this block.
But then the log messages indicated RH8 -> RH6 port 887 was being
dropped. Note that the dynamic port (in this example 887) changes every
time I restart RH6 NFS.
I believe the problem is that RH6 NFS is using dynamic ports below 1024
and my RH8 kernel settings (sysctl.conf) and GuardDog settings limit the
dynamic port range to 1024 thru 65000.
I tried to change the dynamic port range via GuardDog but it does not
allow a value below 1024.
Note: if I disable the firewall temporarily (via GuardDog) NFS RH8 <->
RH6 works just fine.
I'm not sure how best (and most safely) to fix this.
QUES 1) Is it possible/safe to change the dynamic port range to
something below 1024? If it is, how do I do that in GuardDog?
QUES 2) Is it possible to configure the RH6 NFS to only use dynamic
ports above 1024? And if so, how? (I know how on RH7/8 but RH6 is, uh,
less "advanced").
QUES 3) Am I off base and this is not the problem at all?
Thanks
R.Parr
Temporal Arts
--
Psyche-list mailing list
Psyche-list@redhat.com
https://listman.redhat.com/mailman/listinfo/psyche-list
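
Added example, not part of the original message: one way to check the hypothesis above is to list what the RH6 portmapper has registered (`rpcinfo -p <host>`) and flag every RPC service whose port falls outside the range the firewall permits. The `rpcinfo` output below is constructed, the function names are hypothetical, the 1024-65000 range and port 111 come from the message, and treating 2049 (the standard NFS port) as already open is an assumption.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p <rh6-host>` output (not from the original post).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100005    1   udp    887  mountd
    100005    2   udp    887  mountd
    100005    1   tcp    890  mountd
    100024    1   udp    884  status
    100021    1   udp   1026  nlockmgr
EOF
}

# Reads `rpcinfo -p` output on stdin and prints "name proto port" for each
# registration whose port is neither explicitly opened nor inside [low, high].
#   $1 = lowest allowed dynamic port, $2 = highest allowed dynamic port,
#   $3 = comma-separated ports already opened by fixed rules (assumed list)
ports_outside_range() {
    awk -v low="$1" -v high="$2" -v fixed="$3" '
        BEGIN { n = split(fixed, f, ","); for (i = 1; i <= n; i++) ok[f[i]] = 1 }
        $1 !~ /^[0-9]+$/ { next }            # skip the header and blank lines
        {
            port = $4 + 0
            name = ($5 != "") ? $5 : $1       # fall back to the program number
            key = name " " $3 " " port
            if (seen[key]++) next             # report each service/proto/port once
            if (!(port in ok) && (port < low || port > high)) print key
        }'
}

# Range from the message (1024 thru 65000); 111 and 2049 treated as opened.
sample_rpcinfo | ports_outside_range 1024 65000 111,2049
```

Each line printed is a service the firewall would drop under the current dynamic range; because these ports change when the services restart, the check has to be repeated after each restart.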