* problem configuring for NFS between RH8 and RH6
@ 2003-01-08 19:48 Randall J. Parr
  2003-01-08 22:06 ` Athan
  0 siblings, 1 reply; 2+ messages in thread
From: Randall J. Parr @ 2003-01-08 19:48 UTC (permalink / raw)
  To: Guarddog-user, netfilter, psyche-list

I have several RedHat 8, RedHat 7 and RedHat 6 servers.
I am using iptables on the RedHat 7 and 8 servers which I configure 
using GuardDog.

I have successfully configured the firewall for, and am using, NFS RH8 <-> 
RH8 and RH8 <-> RH7.

In GuardDog, under Protocol, File Transfer, enabling NFS was 
sufficient to allow RH8 <-> RH8 NFS.

However, when I try to use NFS RH8 <-> RH6 the firewall is not allowing the 
NFS transactions.

At first the log messages indicated RH8 -> RH6 port 111 was being 
dropped. In GuardDog, enabling Protocol, Interactive, Sun RPC got past 
this block.

But then the log messages indicated RH8 -> RH6 port 887 was being 
dropped. Note that the dynamic port (in this example 887) changes every 
time I restart RH6 NFS.

I believe the problem is that RH6 NFS is using dynamic ports below 1024 
and my RH8 kernel settings (sysctl.conf) and GuardDog settings limit the 
dynamic port range to 1024 thru 65000.

I tried to change the dynamic port range via GuardDog but it does not 
allow a value below 1024.

Note: if I disable the firewall temporarily (via GuardDog) NFS RH8 <-> 
RH6 works just fine.

I'm not sure how best (and most safely) to fix this.

QUES 1) Is it possible/safe to change the dynamic port range to 
something below 1024? If it is, how do I do that in GuardDog?

QUES 2) Is it possible to configure the RH6 NFS to only use dynamic 
ports above 1024? And if so, how? (I know how on RH7/8 but RH6 is, uh, 
less "advanced").

QUES 3) Am I off base and this is not the problem at all?

Thanks

R.Parr
Temporal Arts


* Re: problem configuring for NFS between RH8 and RH6
  2003-01-08 19:48 problem configuring for NFS between RH8 and RH6 Randall J. Parr
@ 2003-01-08 22:06 ` Athan
  0 siblings, 0 replies; 2+ messages in thread
From: Athan @ 2003-01-08 22:06 UTC (permalink / raw)
  To: Randall J. Parr; +Cc: Guarddog-user, netfilter, psyche-list

On Wed, Jan 08, 2003 at 11:48:31AM -0800, Randall J. Parr wrote:
> But then the log messages indicated RH8 -> RH6 port 887 was being 
> dropped. Note that the dynamic port (in this example 887) changes every 
> time I restarted RH6 NFS.

   Assuming this is the user-space NFS daemon, not the in-kernel one, you
should be able to make use of the following option for the mountd:

       -P portnum or --port portnum
              Makes mountd listen on port portnum instead of some
              random  port. By default, mountd will listen on the
              mount/udp port specified in /etc/services,  or,  if
              that  is  undefined,  on some arbitrary port number
              below 1024.

Reading the above, if you put a line in /etc/services like:

mount             887/udp

Then it will *ALWAYS* use that port and you can simply open that up in
your firewall settings.

HTH,

-Ath
-- 
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
                  Finger athan(at)fysh.org for PGP key
	   "And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME
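
An added example, not part of either message: a check that compares the mountd ports registered with the portmapper against the `mount` entries in /etc/services, so a firewall opening is only created for ports that are actually pinned. The `rpcinfo -p` sample, the services fragment, the address 192.0.2.6, the function names and the form of the emitted rule are all constructed assumptions.

```python
import re

# Constructed `rpcinfo -p` output from the NFS server (not from the thread).
RPCINFO_SAMPLE = """\
   program vers proto   port
    100000    2   udp    111  portmapper
    100005    1   udp    887  mountd
    100005    1   tcp    890  mountd
    100003    2   udp   2049  nfs
"""

# Constructed /etc/services fragment with the entry suggested in the reply.
SERVICES_SAMPLE = """\
sunrpc          111/udp         portmapper
mount           887/udp         # pin mountd
"""

def parse_rpcinfo(text):
    """Return {(service, proto, port)} from `rpcinfo -p` output."""
    regs = set()
    for line in text.splitlines():
        f = line.split()
        # Data rows: program vers proto port service; the header row is skipped.
        if len(f) >= 5 and f[0].isdigit() and f[3].isdigit():
            regs.add((f[4], f[2], int(f[3])))
    return regs

def parse_services(text):
    """Return {(name, proto): port} from /etc/services-style text."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^\s#]+)\s+(\d+)/(\w+)", line)
        if m:
            table[(m.group(1), m.group(3))] = int(m.group(2))
    return table

def audit_mountd(rpcinfo_text, services_text, server="192.0.2.6"):
    """Split mountd registrations into pinned/floating; build rules for pinned.
    `server` is a placeholder address; the rule form is an assumption."""
    services = parse_services(services_text)
    pinned, floating = [], []
    for name, proto, port in sorted(parse_rpcinfo(rpcinfo_text)):
        if name != "mountd":
            continue
        ok = services.get(("mount", proto)) == port
        (pinned if ok else floating).append((proto, port))
    rules = [f"iptables -A OUTPUT -p {p} -d {server} --dport {n} -j ACCEPT"
             for p, n in pinned]
    return pinned, floating, rules
```

With the constructed samples, the UDP registration on 887 is reported as pinned and the TCP registration on 890 as floating, meaning it would move on the next restart and should not get a static rule.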
