Jeffrey Laramie wrote:
This is a tough situation since the nfs daemons use portmapper which assigns them the next available open port at service startup. Every time the service restarts it will use a different port. In the past I've just kept opening up ports based on my log of dropped packets. This is an ugly solution at best. I've recently been trying to find a better way but I haven't been completely successful. Here's where I'm at:
Current method:
1. Insert a logging rule in front of any "drop" rule using the same parameters and a log rule at the end of any table that has a default policy of drop. This way you always know when the firewall drops a packet.
2. Try to connect from the client. Check the log and see what port was blocked. Open port and repeat.
You might want to test the latest SuSEfirewall2 and see if this helps. There has been a lot that's changed since 9.0, especially in this area. Check it out at
ftp://ftp.oregonstate.edu/pub/suse/people/lnussel/SuSEfirewall2/SuSEfirewall2-3.3-6.noarch.rpm

Disclaimer: these are not officially supported packages, so if it does not work in some way your feedback would be appreciated, I'm sure. I have been using it for a few weeks now on 9.2 and it seems to work very well.

HTH
--
Joe Morris
New Tribes Mission
Email Address: Joe_Morris@ntm.org
Registered Linux user 231871
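
The log-and-retry loop described in the quoted message can be shortened by summarising every dropped packet from one client per destination port after a single mount attempt. This is an added example, not part of the original thread; it assumes the logging rules use a `--log-prefix` of `FW-DROP ` (a hypothetical prefix) and the standard netfilter LOG line format, and the sample log lines and addresses are constructed.

```shell
#!/bin/sh
# Summarise which destination ports the firewall dropped for one client, so
# all ports the NFS daemons need show up after one connection attempt.
# Assumption: the LOG rules were added with --log-prefix "FW-DROP ".

# summarize_drops CLIENT_IP
# Reads kernel log lines on stdin, prints "proto/port count" sorted by port.
summarize_drops() {
    client="$1"
    awk -v client="$client" '
        /FW-DROP / {
            src = ""; proto = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            # ICMP and other port-less protocols carry no DPT field; skip them.
            if (src == client && proto != "" && dpt != "")
                count[tolower(proto) "/" dpt]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort -t/ -k2,2n -k1,1
}

# Constructed sample log (not taken from the thread): one portmapper request,
# two dynamically assigned ports, an ICMP drop, another client, and noise.
sample_log() {
cat <<'EOF'
Jan 10 10:00:01 fw kernel: FW-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=800 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 10:00:02 fw kernel: FW-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=2 DF PROTO=UDP SPT=801 DPT=32771 LEN=48
Jan 10 10:00:03 fw kernel: FW-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=UDP SPT=801 DPT=32771 LEN=48
Jan 10 10:00:04 fw kernel: FW-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.1 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=UDP SPT=802 DPT=2049 LEN=48
Jan 10 10:00:05 fw kernel: FW-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=5 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jan 10 10:00:06 fw kernel: FW-DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.99 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6 DF PROTO=TCP SPT=4000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 10:00:07 fw sshd[123]: Accepted publickey for admin from 192.168.1.50
EOF
}

# Stand-alone run over the constructed sample.
sample_log | summarize_drops 192.168.1.20
```

Because the ports change whenever the service restarts, the summary only reflects the ports in use at the time of the logged attempt.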