On Monday 06 September 2004 23:00, you wrote:
For NFS, you need RPC and the NFS port itself... although one has to ask, why you want to pass NFS through a firewall in the first place.
My firewall has the internal interface set to "None". Doesn't this mean that all internal machines on the LAN should be able to mount an exported NFS drive?
As I said I know the NFS client is running on the other machine because mounting two Red Hat boxes works fine.
john
--
#############################################
# John N. Alegre
# Andante Systems
# Web Hosting
# Web Site Development
# www.johnalegre.net
#############################################
Ummm... if you are talking about the SuSE Firewall package, then having the internal interface set to none, means that the only rules that will be applied by the firewall will be those defined for an external interface... Or are you using the "personal firewall"?
- Herman
John N. Alegre wrote:
On Monday 06 September 2004 23:00, you wrote:
For NFS, you need RPC and the NFS port itself... although one has to ask, why you want to pass NFS through a firewall in the first place.
My firewall has the internal interface set to "None". Doesn't this mean that all internal machines on the LAN should be able to mount an exported NFS drive?
As I said I know the NFS client is running on the other machine because mounting two Red Hat boxes works fine.
john
--
#############################################
# John N. Alegre
# Andante Systems
# Web Hosting
# Web Site Development
# www.johnalegre.net
#############################################
On Monday 06 September 2004 23:16, Herman Knief wrote:
Ummm... if you are talking about the SuSE Firewall package, then having the internal interface set to none, means that the only rules that will be applied by the firewall will be those defined for an external interface... Or are you using the "personal firewall"?
I am using SuSE Firewall with internal interface set to "none". Am I wrong? This should not prevent another box on the LAN to mount exported NFS directories.
john
--
#############################################
# John N. Alegre
# Andante Systems
# Web Hosting
# Web Site Development
# www.johnalegre.net
#############################################
On Tuesday 07 Sep 2004 17:30 pm, John N. Alegre wrote:
On Monday 06 September 2004 23:16, Herman Knief wrote:
Ummm... if you are talking about the SuSE Firewall package, then having the internal interface set to none, means that the only rules that will be applied by the firewall will be those defined for an external interface... Or are you using the "personal firewall"?
I am using SuSE Firewall with internal interface set to "none". Am I wrong? This should not prevent another box on the LAN to mount exported NFS directories.
That very much depends on how you have your network set up... can you describe it for us?
Dylan
john
--
#############################################
# John N. Alegre
# Andante Systems
# Web Hosting
# Web Site Development
# www.johnalegre.net
#############################################
-- "I see your Schwartz is as big as mine" -Dark Helmet
On Tuesday 07 September 2004 11:40, Dylan wrote:
That very much depends on how you have your network set up... can you describe it for us?
Dylan
All machines have a static IP, connected to a HUB which is then connected to a Cisco DSL router. DNS provided by IP. Operating systems include RedHat Linux 8.1, Mac OS 10.3.4, and SuSE Pro 9.1.
Is this what you wanted to know? I will provide more info if needed.
john
--
#############################################
# John N. Alegre
# Andante Systems
# Web Hosting
# Web Site Development
# www.johnalegre.net
#############################################
On Tuesday 07 Sep 2004 18:39 pm, John N. Alegre wrote:
On Tuesday 07 September 2004 11:40, Dylan wrote:
That very much depends on how you have your network set up... can you describe it for us?
Dylan
All machines have a static IP, connected to a HUB which is then connected to a Cisco DSL router. DNS provided by IP. Operating systems include RedHat Linux 8.1, Mac OS 10.3.4, and SuSE Pro 9.1.
Is this what you wanted to know? I will provide more info if needed.
So each machine has only one NIC which is effectively directly connected to the web. This isn't the most effective, and definitely not the most secure way to do it. It will be next to impossible to make NFS work without opening security holes in your network.
I would recommend using one machine as a gateway:
Router <=> Gateway <=> hub <=> other machines
that way you will only need to run the firewall on the external interface of the gateway and it will protect the entire network - other services run via the other interface and across a private trusted network.
Dylan
john
--
#############################################
# John N. Alegre
# Andante Systems
# Web Hosting
# Web Site Development
# www.johnalegre.net
#############################################
-- "I see your Schwartz is as big as mine" -Dark Helmet
On Tuesday 07 September 2004 13:13, Dylan wrote:
I would recommend using one machine as a gateway:
Router <=> Gateway <=> hub <=> other machines
that way you will only need to run the firewall on the external interface of the gateway and it will protect the entire network - other services run via the other interface and across a private trusted network.
I have had this discussion once, but thank you for your comments. I chose not to do things this way as the only two other machines that are on all the time are both OS X systems with very strong Firewalls. One is my Web Server and the only open port is the Apache Port.
john
--
#############################################
# John N. Alegre
# Andante Systems
# Web Hosting
# Web Site Development
# www.johnalegre.net
#############################################
Ummm... if you are talking about the SuSE Firewall package, then having the internal interface set to none, means that the only rules that will be applied by the firewall will be those defined for an external interface... Or are you using the "personal firewall"?
I am using SuSE Firewall with internal interface set to "none". Am I wrong? This should not prevent another box on the LAN to mount exported NFS directories.
The question is... what are you trying to protect with the Firewall, and how many interfaces do you have active? If you have a physical external and a physical internal, then having the internal set to none may be ok. Since I know nothing of your hardware setup, I can not answer your question.
- Herman
participants (3)
- Dylan
- Herman Knief
- John N. Alegre