Mailinglist Archive: opensuse (2358 mails)

Re: [SLE] ipchains, firewalling, icq, and a cool net program
  • From: kuhlmav@xxxxxxxxxxxxxxxxxxxxx (Volker Kuhlmann)
  • Date: Sat, 02 Oct 1999 13:14:12 +1200 (NZST)
  • Message-id: <199910020114.NAA24894@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>



> 5) NFS. Does anyone know what ports have to be open on my side to be able to
> mount volumes via NFS?

none - I think

> How secure is it?

Not really. But then, it depends on what you want to do. The NFS
protocol depends on clients being trustable. That means e.g. when a
server exports users' home directories to other hosts, it relies on
these hosts to make sure users are who they say they are. If someone
therefore hacks the client and pretends to be someone else (this could
probably also be done with some network-fiddling) the server has no way
of knowing. Authentication is done on the client host by the client's OS.
Choose your clients carefully... you might not have a choice though.

Basically, if you have files which you only want to have accessible to some
but not other users, things are tricky. Otherwise it's fine, e.g. exporting
your cdrom drive or our /usr/local to everyone@everyhost. As long as
you export read-only - this flag is handled by the server and therefore
would have to be hacked there, not on the clients. Any write-requests
(real or faked) would be ignored by the NFS server.

Keep in mind that in the case of /usr/local, if you have files there
you only intend for root, forget it. Anyone on the net can pretend to be
root. See above re user-authentication.

> Does the RPC portmapper daemon need to
> be running on my end? Or any other daemon (eg mount)? man nfs mentioned the
> default port being udp 2049. Is this the only one I have to open? Do I have to
> expect incoming connections (I'm not going to be doing any sharing, just
> mounting)? What port should I expect a reply to?

You can mount (import?) NFS filesystems from other hosts without those
3 daemons (I think), but for exporting/sharing you need to have those
daemons running. Exports are controlled by /etc/exports (you can modify
at run-time with exportfs/kexportfs).

> Again, could someone with
> experience using NFS through a firewall help me?

Not me, sorry.

Volker
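
Added example (not part of the original message or of any NFS tooling): a small audit of /etc/exports along the lines discussed above, flagging writable exports, exports open to every host, and exports that accept client root. It assumes Linux exports(5) syntax, where an export is read-only unless rw is given; the sample paths and host names are constructed, and quoted paths are not handled.

```python
import re

# Constructed sample in exports(5) syntax; paths and host names are made up.
SAMPLE_EXPORTS = """\
/cdrom        (ro)
/usr/local    *(ro)
/home         trusted1.example.org(rw) trusted2.example.org(rw)
/srv/scratch  *(rw,no_root_squash)   # worst case
/pub
"""

SPEC = re.compile(r"([^()]*)(?:\(([^()]*)\))?")

def parse_exports(text):
    """Yield (path, client, options) for every client entry in the text."""
    text = text.replace("\\\n", " ")            # join continuation lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()     # drop comments
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or [""]:               # no client listed: everyone
            m = SPEC.fullmatch(spec)
            if m is None:
                raise ValueError(f"cannot parse client spec {spec!r}")
            client = m.group(1) or "*"           # "(ro)" alone also means everyone
            opts = {o for o in (m.group(2) or "").split(",") if o}
            yield path, client, opts

def audit(text):
    """Return (severity, path, client, reason) findings, in file order."""
    findings = []
    for path, client, opts in parse_exports(text):
        everyone = client == "*"
        writable = "rw" in opts                  # assumption: read-only is the default
        if writable and everyone:
            findings.append(("HIGH", path, client, "writable by any host"))
        elif writable:
            findings.append(("WARN", path, client, "server trusts the user IDs this client sends"))
        elif everyone:
            findings.append(("INFO", path, client, "read-only to any host; keep restricted files out"))
        if "no_root_squash" in opts:
            findings.append(("HIGH", path, client, "client root is accepted as root"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORTS):
        print(*finding, sep="\t")
```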

