Re: NFS and iptables. - Alistair Tonner

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: Alistair Tonner <Alistair@nerdnet.ca>
To: netfilter@lists.netfilter.org
Subject: Re: NFS and iptables.
Date: Sat, 24 Apr 2004 21:47:20 -0400	[thread overview]
Message-ID: <200404242147.20871.Alistair@nerdnet.ca> (raw)
In-Reply-To: <1082853174.24647.8.camel@james>

On April 24, 2004 08:32 pm, Krunk wrote:
> sunrpc is port 111 as defined in /etc/services.
>
> I'll try to explicitly set port 111.
>
> No same result, same type of logs being show. Thanks for the suggestion
> though.
>
> On Sat, 2004-04-24 at 18:12, Cedric Blancher wrote:
> > Le dim 25/04/2004 à 00:00, Krunk a écrit :
> > > I've bound my NFS ports (moountd, statd, lockd, quotad) and freed up
> > > the ports they are bound to, but the client still hangs when I try to
> > > mount the remote share.
> >
> > [...]
> >
> > > command that opens ports:
> > >  NFS="2049 32764 32765 32766 32767 32768 32772 sunrpc"
> >
> > [...]
> >
> > > Apr 24 16:53:35 tuxmac DROPl:IN=eth1 OUT= MAC=<mac here>
> > > SRC=192.168.xxx.xxx DST=192.168.xxx.xxx LEN=60 TOS=0x00 PREC=0x00
> > > TTL=64 ID=41035 DF PROTO=TCP SPT=896 DPT=111 WINDOW=5840 RES=0x00 SYN
> > > URGP=0
> >
> > As far as I can see, your client is trying to connect to portmapper in
> > order to get NFS service port back. But there's nothing in your script
> > excerpt that opens TCP/111.
> >
> > PS : maybe you should consider use the RPC helper available in
> > patch'o'matic extra section.


	Silly question ... you are opening ports for state NEW ... I don't see an 
explicit rule for ESTABLISHED RELATED any where ... but I'm assuming that 
rule exists somewhere ...... else.

	Alistair Tonner 
	
	(sometimes the simplest answers.....)

next prev parent reply	other threads:[~2004-04-25  1:47 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-04-24 22:00 NFS and iptables Krunk
2004-04-24 23:12 ` Cedric Blancher
2004-04-24 23:40   ` John A. Sullivan III
2004-04-25  8:24     ` Cedric Blancher
2004-04-25  0:32   ` Krunk
2004-04-25  1:47     ` Alistair Tonner [this message]
2004-04-25  1:48     ` NFS and iptables.[FIXED] Krunk

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200404242147.20871.Alistair@nerdnet.ca \
    --to=alistair@nerdnet.ca \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox