[opensuse] How does one open the suse-firewall for NFS-SERVER?

Hi,
I have:
FW_SERVICES_EXT_RPC="nfs"
FW_CONFIGURATIONS_EXT="nfs-client nfs-server"
SuSEfirewall2 complains:
Sep 25 02:48:52 nimrodel SuSEfirewall2: Warning: config 'nfs-server' not available
And the firewall blocks the connections:
Sep 25 02:43:02 nimrodel kernel: [344636.301083] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:21:85:16:2d:0b:08:00 SRC=192.168.1.14 DST=192.168.1.12 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=836 DPT=55792 LEN=48
Sep 25 02:46:21 nimrodel kernel: [344835.322713] SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:40:f4:2e:b1:21:00:21:85:16:2d:0b:08:00 SRC=192.168.1.14 DST=192.168.1.12 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=668 DPT=55651 LEN=48
The port changes, so I can't open it by a rule.
I have services rcrpcbind, rcnfsserver, and rcnfs running.
Notice: EXT is not external.
Needless to say, it works if I drop the firewall in the server.
How do I configure the firewall to get the nfs server working? It needs to open a certain variable port each time, dynamically.
--
Cheers,
Carlos E. R.
--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse+help@opensuse.org

Hi, On 09/25/2010 03:01 AM, Carlos E. R. wrote:
Hi,
I have:
FW_SERVICES_EXT_RPC="nfs" FW_CONFIGURATIONS_EXT="nfs-client nfs-server"
SuSEfirewall2 complains:
Sep 25 02:48:52 nimrodel SuSEfirewall2: Warning: config 'nfs-server' not available
So is there a nfs-server config file at /etc/sysconfig/SuSEfirewall2.d/services/
Togan

On Saturday, 2010-09-25 at 10:14 +0200, Togan Muftuoglu wrote:
On 09/25/2010 03:01 AM, Carlos E. R. wrote:
Hi,
I have:
FW_SERVICES_EXT_RPC="nfs" FW_CONFIGURATIONS_EXT="nfs-client nfs-server"
SuSEfirewall2 complains:
Sep 25 02:48:52 nimrodel SuSEfirewall2: Warning: config 'nfs-server' not available
So is there a nfs-server config file at /etc/sysconfig/SuSEfirewall2.d/services/
No, there is no such file, on three 11.2 I looked, nor at a 11.1 install. Looking at a backup of 11.0... no, not there :-(
It must have disappeared long time ago :-(
--
Cheers,
Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar)

* Carlos E. R. <robin.listas@telefonica.net> [09-25-10 14:42]:
On Saturday, 2010-09-25 at 10:14 +0200, Togan Muftuoglu wrote:
On 09/25/2010 03:01 AM, Carlos E. R. wrote:
Hi,
I have:
FW_SERVICES_EXT_RPC="nfs" FW_CONFIGURATIONS_EXT="nfs-client nfs-server"
SuSEfirewall2 complains:
Sep 25 02:48:52 nimrodel SuSEfirewall2: Warning: config 'nfs-server' not available
So is there a nfs-server config file at /etc/sysconfig/SuSEfirewall2.d/services/
No, there is no such file, on three 11.2 I looked, nor at a 11.1 install. Looking at a backup of 11.0... no, not there :-(
It must have disappeared long time ago :-(
ll.2
14:46 wahoo:~ > l /etc/sysconfig/SuSEfirewall2.d/services/nfs-client
-rw-r--r-- 1 root root 707 2009-11-26 12:39 /etc/sysconfig/SuSEfirewall2.d/services/nfs-client
--
Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://counter.li.org

On 09/25/2010 08:39 PM, Carlos E. R. wrote:
SuSEfirewall2 complains:
Sep 25 02:48:52 nimrodel SuSEfirewall2: Warning: config 'nfs-server' not available
So is there a nfs-server config file at /etc/sysconfig/SuSEfirewall2.d/services/
No, there is no such file, on three 11.2 I looked, nor at a 11.1 install. Looking at a backup of 11.0... no, not there :-(
It must have disappeared long time ago :-(
That is what I thought cause I haven't seen it at all. I guess you need to lock down ports and then allow them through the firewall.
HTH
Togan

On 09/25/2010 09:29 PM, Togan Muftuoglu wrote:
That is what I thought cause I haven't seen it at all. I guess you need to lock down ports and then allow them through the firewall.
Himm, nfs-kernel-server from 11.3 has this maybe it works for you, I can't test it as I don't run an nfs-server
## Description: Firewall Configuration for NFS kernel server.
#
# Only the variables TCP, UDP, RPC, IP and BROADCAST are allowed.
# More may be supported in the future.
#
# For a more detailed description of the individual variables see
# the comments for FW_SERVICES_*_EXT in /etc/sysconfig/SuSEfirewall2
#
## Name: NFS Server Service
## Description: Opens ports for NFS to allow other hosts to connect.
# space separated list of allowed TCP ports
TCP=""
# space separated list of allowed UDP ports
UDP=""
# space separated list of allowed RPC services
RPC="portmap status nlockmgr mountd nfs nfs_acl"
# space separated list of allowed IP protocols
IP=""
# space separated list of allowed UDP broadcast ports
BROADCAST=""

On Saturday 25 September 2010 21:29:52 Togan Muftuoglu wrote:
On 09/25/2010 08:39 PM, Carlos E. R. wrote:
SuSEfirewall2 complains:
Sep 25 02:48:52 nimrodel SuSEfirewall2: Warning: config 'nfs-server' not available
So is there a nfs-server config file at /etc/sysconfig/SuSEfirewall2.d/services/
No, there is no such file, on three 11.2 I looked, nor at a 11.1 install. Looking at a backup of 11.0... no, not there :-(
It must have disappeared long time ago :-(
That is what I thought cause I haven't seen it at all. I guess you need to lock down ports and then allow them through the firewall.
HTH
Togan
I have a router with 21 and 80 open on 192.168.0. You can check a box for it to do port forwarding in Yast. A box behind that does the nfs on 192.168.1.. I didn't need to do anything on the firewall to get nfs working. I didn't change anything on the internal ports. Maybe I should.
L x

On Saturday, 2010-09-25 at 22:01 +0200, lynn wrote:
I have a router with 21 and 80 open on 192.168.0. You can check a box for it to do port forwarding in Yast. A box behind that does the nfs on 192.168.1.. I didn't need to do anything on the firewall to get nfs working. I didn't change anything on the internal ports. Maybe I should.
No, I'm using NFS to move backups and things in my internal network. I just call it "EXT" as an extra precaution, I can't trust that much a router that never got a single update in years (manufacturers and ISPs don't care). I'm not using NFS on internet.
My problem is the susefirewall, and I got it solved :-)
--
Cheers,
Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar)

On Saturday, 2010-09-25 at 21:29 +0200, Togan Muftuoglu wrote:
On 09/25/2010 08:39 PM, Carlos E. R. wrote:
So is there a nfs-server config file at /etc/sysconfig/SuSEfirewall2.d/services/
No, there is no such file, on three 11.2 I looked, nor at a 11.1 install. Looking at a backup of 11.0... no, not there :-(
It must have disappeared long time ago :-(
That is what I thought cause I haven't seen it at all. I guess you need to lock down ports and then allow them through the firewall.
Which is a real pain.
I have seen instead a "nfs-kernel-server" file. I will try that one.
[...]
Yes, it works. For now...
On other occasions, I also thought that nfs worked. Then I have to use it again, and it fails. It is a pain. I hope I got it this time!
The documentation is thus wrong:
## Type: string
#
# Which services _on the firewall_ should be accessible from
# untrusted networks?
#
# Packages can drop a configuration file that specifies all required
# ports into /etc/sysconfig/SuSEfirewall2.d/services. That is handy for
# services that require multiple ports or protocols. Enter the space
# separated list of configuration files you want to load.
#
# The content of those files is merged into
# FW_SERVICES_$zone_$protocol, ie has precedence over
# FW_SERVICES_ACCEPT_*
#
# Example: "samba-server nfs-server"
.........................XXXXXXXXXXXXXX
I just wrote a Bugzilla.
--
Cheers,
Carlos E. R. (from 11.2 x86_64 "Emerald" at Telcontar)
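
The check that resolves this thread, as an added example (not part of the original messages and not SuSEfirewall2's own code): it reads the FW_CONFIGURATIONS_* names from a sysconfig file, reports any name with no file in the services directory, and shows which RPC services the existing files open. The function names and the temporary sample files are assumptions made for the demonstration; on a real host the arguments would be /etc/sysconfig/SuSEfirewall2 and /etc/sysconfig/SuSEfirewall2.d/services.

```shell
#!/bin/sh
# Added example: find FW_CONFIGURATIONS_* names that have no service file,
# the condition behind "Warning: config 'nfs-server' not available".

# check_fw_configs SYSCONFIG SERVICES_DIR   (hypothetical helper name)
# Prints "<ZONE> <name> ok RPC=<services>" or
# "<ZONE> <name> MISSING similar: <files with the same prefix>".
# Returns 1 if any configured name has no file in SERVICES_DIR.
check_fw_configs() {
    sysconfig=$1; dir=$2; rc=0
    # Extract the variables with sed instead of sourcing the file as root.
    lines=$(sed -n 's/^FW_CONFIGURATIONS_\([A-Z]*\)="\(.*\)"$/\1 \2/p' "$sysconfig")
    while read -r zone names; do
        for name in $names; do
            if [ -r "$dir/$name" ]; then
                rpc=$(sed -n 's/^RPC="\(.*\)"$/\1/p' "$dir/$name")
                echo "$zone $name ok RPC=$rpc"
            else
                # Same-prefix files hint at what the packages actually ship.
                similar=$(ls "$dir" | grep "^${name%%-*}" | xargs)
                echo "$zone $name MISSING similar: $similar"
                rc=1
            fi
        done
    done <<EOF
$lines
EOF
    return $rc
}

# demo: constructed copy of the thread's setup in a temporary directory.
demo() {
    d=$(mktemp -d)
    mkdir "$d/services"
    printf '%s\n' 'FW_SERVICES_EXT_RPC="nfs"' \
        'FW_CONFIGURATIONS_EXT="nfs-client nfs-server"' > "$d/SuSEfirewall2"
    # nfs-client content is a constructed stand-in; the other RPC line is
    # the one quoted in the thread from the 11.3 nfs-kernel-server file.
    printf 'RPC="portmap status nlockmgr"\n' > "$d/services/nfs-client"
    printf 'RPC="portmap status nlockmgr mountd nfs nfs_acl"\n' \
        > "$d/services/nfs-kernel-server"
    status=0
    check_fw_configs "$d/SuSEfirewall2" "$d/services" || status=1
    rm -rf "$d"
    return $status
}

demo || echo "fix the names above before restarting the firewall"
```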