Hiya!

I'm thinking about setting up NIS or NFS communications between two servers. The problem is that there's a firewalling router sitting in between and that one doesn't allow dynamic port assignments.

So, is there any way to "lock" the protocols to certain port uses? In Novell NetWare 6.5 all NFS/NIS ports are fixed, so that's no problem, but I can't find any relevant info about SuSE Linux.

Or, is there a software firewall that DOES support dynamic port assignment?

Anders Norrbring

* Anders Norrbring;
Hiya!
I'm thinking about setting up NIS or NFS communications between two servers. The problem is that there's a firewalling router sitting in between and that one doesn't allow dynamic port assignments.
So, is there any way to "lock" the protocols to certain port uses? In Novell NetWare 6.5 all NFS/NIS ports are fixed, so that's no problem, but I can't find any relevant info about SuSE Linux.
You may consider having a look at this posting (it is for 7.3, though): http://www.lowth.com/LinWiz/nfs_help_suse.php
Or, is there a software firewall that DOES support dynamic port assignment?
You can tweak susefirewall2 with /etc/sysconfig/scripts/SuSEfirewall2-custom:

    # Space-separated list of hosts allowed to reach the NFS ports
    FW_ALLOW_NFS=""

    # These ports will be opened for access by the given host
    # (showmount -e seems to use tcp ports around 1200, damn...)
    allow_nfs_ports_in() {
        echo "
            $1,tcp,111
            $1,udp,111
            $1,udp,2049
            $1,udp,600:1399
            $1,udp,2100:2499
        "
    }

    if [ -n "$FW_ALLOW_NFS" -a "$FW_ALLOW_NFS" != no ]; then
        for host in $FW_ALLOW_NFS; do
            # Word-split the generated entries into a bash array
            addnet=( $(allow_nfs_ports_in "$host") )
            FW_TRUSTED_NETS="$FW_TRUSTED_NETS ${addnet[*]}"
        done
        echo "FW_TRUSTED_NETS=$FW_TRUSTED_NETS"
    fi

It allows those ports on all interfaces, not just the one you want - if you only have one, fine. Those udp ports are a guess - security won't be much worse by just allowing 600:6000. If your mounts suddenly hang (or the mount times out) check this. It doesn't allow for your MAC address checking.

-- 
Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list;
http://susefaq.sf.net | Please don't put me in TO/CC.
Nisi defectum, haud refiecendum
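
The reply above describes its UDP ranges as a guess. As an added example (not part of the original thread or of SuSEfirewall2), the script below derives exact host,proto,port entries from `rpcinfo -p` output instead; the function name, the sample output and the address 192.0.2.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): derive "host,proto,port" entries in the
# FW_TRUSTED_NETS style from the ports NFS services have actually registered.

# Constructed sample of `rpcinfo -p` output; mountd, nlockmgr and status are on
# dynamically assigned ports, ypserv (NIS) is present but not NFS-related.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp    635  mountd
    100005    3   tcp    638  mountd
    100021    1   udp  32768  nlockmgr
    100024    1   udp  32769  status
    100004    2   udp    843  ypserv'

# nfs_trusted_entries HOST   (hypothetical helper name)
# Reads `rpcinfo -p` output on stdin; prints one "HOST,proto,port" line per
# distinct proto/port of portmapper, nfs, mountd, nlockmgr and status.
nfs_trusted_entries() {
    [ -n "$1" ] || { echo "usage: nfs_trusted_entries HOST" >&2; return 2; }
    awk -v host="$1" '
        # RPC program numbers: portmapper, nfs, mountd, nlockmgr, status
        BEGIN { want[100000]; want[100003]; want[100005]; want[100021]; want[100024] }
        # Data rows only: numeric program, tcp/udp, port within the valid range.
        $1 ~ /^[0-9]+$/ && ($1 in want) && $3 ~ /^(tcp|udp)$/ &&
        $4 ~ /^[0-9]+$/ && $4 > 0 && $4 < 65536 {
            key = $3 "," $4
            if (!(key in seen)) { seen[key]; print host "," key }
        }'
}

# Demo on the constructed sample. On a live server the input would be:
#   rpcinfo -p | nfs_trusted_entries 192.0.2.10
printf '%s\n' "$SAMPLE_RPCINFO" | nfs_trusted_entries 192.0.2.10
```

The entries reflect only the current registrations: mountd, nlockmgr and status can come up on different ports after a restart unless they are pinned, so the list has to be regenerated or the ports fixed.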