On 2023-05-01 17:55, Dave Howorth wrote:
On Mon, 01 May 2023 17:37:25 +0200 Per Jessen wrote:
Carlos E.R. wrote:
On 2023-05-01 15:54, Per Jessen wrote:
Carlos E. R. wrote:
On 2023-05-01 15:37, Per Jessen wrote:
ftp is really outdated. I suppose some hosting services still offer it (we do too), but it is not a function/protocol I would expect to see much development in.
No, but it is there. It is the firewall which doesn't support it.
This is for you using an ftp client to access an external ftp service?
No, I have an ftp server in this machine. LAN only.
Aha okay - well, that works fine, certainly with iptables. I would not necessarily expect firewalld to directly support that. Well, I would not be surprised if it doesn't.
I am only saying - don't expect everything to work when you are not adhering to the commonly accepted conditions.
What commonly accepted conditions am I not adhering to?
Using NFS across a firewall is not typically done. Clients and servers are all expected to be on a trusted network. It is possible NFSv4 has made changes in this respect, I haven't looked.
I run both nfs server and clients in all my computers in my LAN, and I do want to keep all my machines with an active firewall. This is pretty normal.
I disagree. If the network is trusted, what is the point of a firewall?
I don't see the point in not using it.
NFS in particular is often performance sensitive since programs aren't written to expect it. So added cycles due to a firewall are a non-starter in a lot of use cases, quite apart from any other reasons.
I have been using NFS for decades across a firewall on each computer, no issues. Works fine with SuSEfirewall2.

firewalld supports up to version 3 of nfs, it has problems with version 4. It is the fault of firewalld, not of iptables or whatever. The problem is that it doesn't know about the dynamic ports it opens. The hack is to make the server use a small range of ports and independently open them. See the last post.

<https://unix.stackexchange.com/questions/243756/nfs-servers-and-firewalld>

For openSUSE:

<https://unix.stackexchange.com/questions/607268/how-do-i-open-firewall-for-nfs-server-on-opensuse-tumbleweed>

Another post says to just open port 2049/tcp instead.

<https://subscription.packtpub.com/book/networking-&-servers/9781785287831/6/ch06lvl1sec50/hosting-nfsv4-behind-a-firewall>

Can't read the full post, though :-/

But indeed, nfs.xml opens port 2049.

-- 
Cheers / Saludos,

		Carlos E. R.
		(from 15.4 x86_64 at Telcontar)
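The port-pinning workaround mentioned in the message above depends on knowing which ports the NFS helper daemons have actually registered. The following is an added example, not part of the original thread: it reads `rpcinfo -p` output and prints the matching `firewall-cmd` commands without running them. The `rpcinfo` sample is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output (not taken from the thread).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100005    3   udp  43210  mountd
    100005    3   tcp  43211  mountd
    100021    4   udp  51234  nlockmgr
    100021    4   tcp  40123  nlockmgr
    100024    1   udp  45678  status
    100024    1   tcp  38291  status
EOF
}

# Read `rpcinfo -p` output on stdin and print one "port/proto service" line
# per unique port registered by an NFS-related RPC service, sorted by port.
nfs_ports() {
  awk '$5 ~ /^(portmapper|nfs|nfs_acl|mountd|nlockmgr|status|rquotad)$/ {
         key = $4 "/" $3
         if (!(key in seen)) { seen[key] = 1; print key, $5 }
       }' | sort -t/ -k1,1n -k2,2
}

# Turn that list into firewall-cmd commands (printed, not executed).
# Ports other than 111 and 2049 are flagged: they only stay valid after a
# restart if the daemon is pinned to that port in the NFS server config.
firewalld_rules() {
  nfs_ports | while read -r portproto svc; do
    case ${portproto%/*} in
      111|2049) note="well-known port" ;;
      *)        note="pin this port in the NFS server config" ;;
    esac
    printf 'firewall-cmd --permanent --add-port=%s  # %s, %s\n' \
      "$portproto" "$svc" "$note"
  done
}

# On a real server: rpcinfo -p | firewalld_rules
sample_rpcinfo | firewalld_rules
```

Review the printed commands before applying them, then finish with `firewall-cmd --reload`.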