Re: [suse-security] nfs on susefirewall2

22 Sep 2001


      Ok I got nfs server on firewall working with the following ports (portmap 
111, mount 635, nfsd-status and nfsd-keepalive 1110, NFS 2049) in play. Some 
may not be required but this is as far as I got it now functional.

FW_SERVICES_INT_TCP="smtp domain ftp ssh www telnet 111 139 635 1110 2049"
FW_SERVICES_INT_UDP="domain 111 635 1110 2049"

mk
...
From: "Purple Shirt" <purpleshirt@hotmail.com>
To: suse-security@suse.com
Subject: [suse-security] nfs on susefirewall2
Date: Fri, 21 Sep 2001 07:18:35
MIME-Version: 1.0
X-Originating-IP: [144.132.216.228]
Received: from [202.58.118.7] by hotmail.com (3.2) with ESMTP id 
MHotMailBD74350300AC4136E817CA3A76070A8B0; Fri, 21 Sep 2001 00:19:31 -0700
Received: (qmail 5469 invoked by alias); 21 Sep 2001 07:18:06 -0000
Received: (qmail 5460 invoked from network); 21 Sep 2001 07:18:05 -0000
From suse-security-return-9213-purpleshirt Fri, 21 Sep 2001 00:20:06 -0700
Mailing-List: contact suse-security-help@suse.com; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Post: <mailto:suse-security@suse.com>
List-Help: <mailto:suse-security-help@suse.com>
List-Unsubscribe: <mailto:suse-security-unsubscribe@suse.com>
List-Subscribe: <mailto:suse-security-subscribe@suse.com>
X-Mailinglist: suse-security
Delivered-To: mailing list suse-security@suse.com
Message-ID: <F112uylJc0xvlUQ9cAg00000821@hotmail.com>
X-OriginalArrivalTime: 21 Sep 2001 07:18:35.0273 (UTC) 
FILETIME=[A061FF90:01C1426D]
Hello,
I have a working nfs server on susefirewall2 box (suse 7.2). I know its
working because I put the firewall on unprotect status. If I put it on
protect status for internal I can't mount internally. I put this into
susefirewall2.rc.config:
# Common: ssh smtp domain
FW_SERVICES_INT_TCP="smtp domain ftp ssh www telnet 111 139 2049"
# Common: domain syslog
FW_SERVICES_INT_UDP="111 2049"
# For VPN/Routing which END at the firewall!!
FW_SERVICES_INT_IP=""
This o[pens up portmap and nfs server ports, 111 and 2049. But it doesn't
work.
Maybe the firewall script should contain more options as:
FW_SERVICE_DNS="no"
FW_SERVICE_DHCLIENT="no"
FW_SERVICE_DHCPD="yes"
FW_SERVICE_SQUID="yes"
FW_SERVICE_SAMBA="yes"
as in
FW_SERVICE_NFS
FW_SERVICE_NTPD
...
...
Well I'd appreciate comments on how to make suse's firewall work with nfs.
Thanks,
mk
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
--
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

Purple Shirt

tags

participants (1)