Hi, what do I have to configure to use SuSEfirewall2 with NFS on the server and on the client? I am aware that for one of them, the SFW2 is maybe not suited. So does any of you use NFS with SFW2? Ré
On Wednesday 14 May 2003 19:43, René Matthäi wrote:
Hi,
what do I have to configure to use SuSEfirewall2 with NFS on the server and on the client? I am aware that for one of them, the SFW2 is maybe not suited. So does any of you use NFS with SFW2?
Ré
Hi. Just a literal answer to your question. Yes. I use fw2 with nfs on a lan but there's nothing special I had to do to let the traffic through. Does it work with fw2 turned off? None of our clients have fw2 installed. Our /etc/sysconfig/SuSEfirewall2 script has no reference to nfs anywhere in it. If the firewall or nfs gurus don't get back to you I'd go for turning off fw2 and checking the nfs *first* if I was going to spend valuable time on it. Good luck. I know exactly how you feel. Steve.
On Wed, 2003-05-14 at 12:48, fsanta wrote:
On Wednesday 14 May 2003 19:43, René Matthäi wrote:
what do I have to configure to use SuSEfirewall2 with NFS on the server and on the client? I am aware that for one of them, the SFW2 is maybe not suited. So does any of you use NFS with SFW2?
Good luck. I know exactly how you feel. Steve.
Ditto. I just went through a painful learning process with SuSEfirewall2. I have a firewall, a DMZ, and an internal network. The NFS server sits in the DMZ, and I can access it from the internal network, the DMZ, and the firewall. Here's the important parts of my /etc/sysconfig/SuSEfirewall2:
FW_SERVICES_DMZ_UDP="domain 600:1023"
FW_FORWARD="0/0,0/0,udp,2049 0/0,0/0,udp,800"
I don't think this is the "right" way to do it, but it works. On the other hand, I'm thinking of using samba instead, since it's a little more disciplined in its use of ports, and it's more "robust" in that a hosed up firewall won't lock your machine so hard as to require a reboot to fix it. (I hate NFS. Is this really the best that we can do?)
dk
On Wednesday 14 May 2003 20:40, David Krider wrote:
I can't stand the script so we just redirected to squid in FW_REDIRECT and let that handle it instead. It's only just another cop out that works. But don't agree on NFS. The NIS-NFS combination is a total winner on a lan. No one else can get anywhere near it under $10squillion! Steve.
On Wed, 2003-05-14 at 13:54, fsanta wrote: I left out something that I didn't know I needed until I got home today, and my workstation had been rebooted by my wife: 0/0,0/0,tcp,111
But don't agree on NFS. The NIS-NFS combination is a total winner on a lan. No one else can get anywhere near it under $10squillion!
If you're on a LAN, with no need for security, and all your clients are Unix-based, we're agreed. Otherwise... Regards, dk
On 14 May 2003 13:40:51 -0500
David Krider
to fix it. (I hate NFS. Is this really the best that we can do?)
Well I haven't tried it, but have been tempted every kernel upgrade. There is "coda", it's an advanced network filesystem. Read about it in /usr/src/linux/Documentation/filesystems/coda.txt
http://www.coda.cs.cmu.edu/ljpaper/lj.html
-- use Perl; #powerful programmable prestidigitation
Hi, David Krider wrote:
On Wed, 2003-05-14 at 12:48, fsanta wrote:
I have a firewall, a DMZ, and an internal network. The NFS server sits in the DMZ, and I can access it from the internal network, the DMZ, and the firewall. Here's the important parts of my /etc/sysconfig/SuSEfirewall2:
FW_SERVICES_DMZ_UDP="domain 600:1023"
FW_FORWARD="0/0,0/0,udp,2049 0/0,0/0,udp,800"
On your firewall. But on the clients? Or just the other way round?
I don't think this is the "right" way to do it, but it works. On the other hand, I'm thinking of using samba instead, since it's a little more disciplined in its use of ports, and it's more "robust" in that a hosed up firewall won't lock your machine so hard as to require a reboot to fix it. (I hate NFS. Is this really the best that we can do?)
I read something in the SFW2 script. I think the right way to do it would either be not using SFW2 but your own script or using the trusted zone - but you cannot enter whole ranges of ports there which is disturbing, to my mind. Ré
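An added example, not part of the thread and not SuSEfirewall2's own code: the FW_FORWARD entries quoted above allow any source to reach any destination, and NFS helper services such as mountd register their ports with the portmapper. The script below turns `rpcinfo -p` output from the NFS server into FW_FORWARD entries limited to one client network and one server. The sample output, the addresses and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive a narrow FW_FORWARD value from `rpcinfo -p` output.

# Constructed sample of `rpcinfo -p <nfs-server>` output (not from the thread).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp    800  mountd
    100005    1   tcp    803  mountd
    100021    1   udp   1026  nlockmgr
    100024    1   udp    750  status
    391002    2   tcp   1030  sgi_fam
EOF
}

# nfs_forward_rules SRC DST
# Reads `rpcinfo -p` output on stdin and prints one "SRC,DST,proto,port"
# entry per NFS-related service port, space separated and deduplicated
# (several RPC versions of a service usually share one port).
nfs_forward_rules() {
    awk -v src="$1" -v dst="$2" '
        # Keep only the services NFS needs; the header and unrelated
        # RPC programs (sgi_fam in the sample) fall through unmatched.
        $5 ~ /^(portmapper|nfs|mountd|nlockmgr|status)$/ &&
        $3 ~ /^(tcp|udp)$/ && $4 ~ /^[0-9]+$/ {
            key = $3 "," $4
            if (!(key in seen)) {
                seen[key] = 1
                printf "%s%s,%s,%s", sep, src, dst, key
                sep = " "
            }
        }
        END { print "" }
    '
}

# Constructed addresses: internal client network and the NFS server in the DMZ.
printf 'FW_FORWARD="%s"\n' \
    "$(sample_rpcinfo | nfs_forward_rules 192.168.1.0/24 192.168.2.10/32)"
```

The ports for mountd, nlockmgr and status are assigned when those services start, so the list has to be regenerated after they restart unless the ports are pinned on the server.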
participants (4)
- David Krider
- fsanta
- René Matthäi
- zentara