Hi,
I got that firewals packet filter thing going - which was a lot easier than delving straight into ipchains! What I'd like to know is which settings to use when I want to allow NFS exporting to the local trusted network (the FW_SERVICES_INTERNAL variables). The ports involved seem to be a little on the move?? Sorry if this was up before, but can someone point me to some reasonable settings which work in practice?
Thanks, Volker
I think that running NFS on a firewall is _never_ reasonable. I played a while with Portsentry in atcp/audp mode and yes, the ports NFS uses are more or less unpredictable. The only "standard" ports which I found to be reliable on Linux systems are 111 (portmapper) and 2049 (rpc.nfsd).

BTW the portmapper and rpc.mountd on SuSE have tcp wrapper support compiled in. Thus, the following entries in /etc/hosts.deny would give at least some _basic_ protection:

    portmap: ALL
    rpc.mountd: ALL

The proper solution IMHO would be to firewall rpc services at your border routers. A firewall with server functionality is a contradiction in itself and certainly not recommended.

Cheers,
Martin

--
Martin Leweling
Institut fuer Planetologie, WWU Muenster
Wilhelm-Klemm-Str. 10, 48149 Muenster, Germany
E-Mail (work): lewelin@uni-muenster.de
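
Added example, not part of either message above: a shell function that reads `rpcinfo -p` output and marks each RPC registration as sitting on one of the two ports the reply names as reliable (111, 2049) or on a dynamically assigned one, which is what makes a static NFS port list for the packet filter hard to write. The function names are hypothetical, and the sample listing is constructed (its mountd, nlockmgr and status ports are made up).

```shell
#!/bin/sh
# Constructed sample in the layout printed by `rpcinfo -p`.
# The ports for mountd, nlockmgr and status are invented stand-ins for
# whatever the portmapper happened to hand out at boot.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100005    1   udp    745  mountd
    100005    2   udp    745  mountd
    100005    1   tcp    748  mountd
    100021    1   udp   1026  nlockmgr
    100024    1   udp    931  status
EOF
}

# Reads `rpcinfo -p` output on stdin and prints one line per unique
# proto/port/service: "proto port service fixed|dynamic".
# "fixed" means port 111 or 2049; everything else is "dynamic".
classify_rpc_ports() {
    awk '$4 ~ /^[0-9]+$/ {                      # skips the header line
            name = ($5 == "" ? "prog-" $1 : $5) # service column may be empty
            key = $3 " " $4 " " name
            if (seen[key]++) next               # same port, other version
            kind = ($4 == 111 || $4 == 2049) ? "fixed" : "dynamic"
            print $3, $4, name, kind
        }' | sort -k2,2n -k1,1
}

# Number of registrations on dynamic ports: each one is a port that a
# static allow rule would have to chase after every restart.
count_dynamic() {
    classify_rpc_ports | awk '$4 == "dynamic" { n++ } END { print n + 0 }'
}

# On a live host: rpcinfo -p | classify_rpc_ports
sample_rpcinfo | classify_rpc_ports
```

Running it against the live portmapper before and after restarting the NFS services shows which entries move.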