[opensuse] firewealld and nfs ?
Hi simon,
thanks for the detailed explanation. it makes it more clear for me. so i decided today to asked a question about how to configure firewalld to work korrect with nfs. unfortunately i have not receifed any anwer up to now,
firewalld is brand new to openSUSE, not many people will have any experiences to share. In addition, running nfs over a firewall is a bit unusual, I would say. -- Per Jessen, Zürich (18.4°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am Dienstag, 12. Juni 2018, 19:20:00 CEST schrieb Per Jessen:
Hi simon,
thanks for the detailed explanation. it makes it more clear for me. so i decided today to asked a question about how to configure firewalld to work korrect with nfs. unfortunately i have not receifed any anwer up to now,
firewalld is brand new to openSUSE, not many people will have any experiences to share. In addition, running nfs over a firewall is a bit unusual, I would say.
I've been using firewalld for several years on openSUSE now, so not that new (to me). Also, there is nothing wrong with wanting to have a firewall on the internal interface, 99% of all attacks hit from internal... Anyway, nfs and firewall is perfectly simple as soon as you configure nfs to run ONLY on 2049/TCP instead of the old portmapper mess, and then you just do "firewall-cmd --add-service=nfs --zone=(whatever your interface is in) -- permanent" and you're set. Cheers MH -- gpg key fingerprint: 8029 2240 F4DD 7776 E7D2 C042 6B8E 029E 13F2 C102 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi per hi mathias, thanks for the hints,
Anyway, nfs and firewall is perfectly simple as soon as you configure nfs to run ONLY on 2049/TCP instead of the old portmapper mess, and then you just do
yes, thats the point " tportmapper mess " see my mails in opensuse-support: snip ....that there's a (rpm) package called: firewalld-rpcbind-helper and inside the README.md file of this package i found: ========================= ... snip: While most features of *SuSEfirewall2* have an equivalent in *firewalld* there is one major feature missing: The support for rpcbind based protocols like NFSv3 and ypserv/ypbind. ... snip ===================== regards, simoN (sorry for mailing also private to mathias, i still have not found out how to tell thunderbird to reply only to the list..) www.becherer.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iQIcBAEBAgAGBQJbIBs5AAoJEOuDxDCJWQG++6cP/1Ovnycyj3IcEbo7I6N1v1m6 5UChuTdizFS/Chr8MCXIlS9U1Cktpe3KAd47MU7l29sdoSMKtUNkDkTKINCOgnvH a3N72utpvbB8C5KyrItbuBNE1suEcnCKLhViHL7GmGiH2wuvlSfVeQoaVJZCZIir iG/KRuo0esI3PpJFB93X/nCaSnCa1ziFEf0vUAA1SA8Wx+s1zGoim9dr2nUkLo1i 9U/3N/VG3g7YkrKzNqlVLPNMJVs5phzyLVrIu7dGDLiB8qEF2ZYAL1TZThWPNjrF WNSwNg90pcNhdHDOb+mkiNYv3Hcb4TYSWsDhYuGyv+S5cP3sEt72dYunMwH73kHK jjNvzRipFmEpQhepPQzBH0/p/58f8UqGFyUuh3KEHqYJDQabZoGHrwwcoRM83Ag5 L6z50ssH6k6KA5y4feuWswkYKvVCQfi1rhkxq9mQUUMvN969/qS5KcBveoZs0+pB STB7SNsGmxzw50MzoCintdLpyV5cuMdAyQ3eoiFYjaFmzwZLHDGRuQ3hKzxcZuxn YcxInVASYqVOmdhKNAAWM0zXTGUiqhSDhzhchFqPwHoquIAsap/n9/IGJSDqc7g3 9ULwbAM6uEyUogtiU5To4NRAw33pkGU/5KdkA1M7+eGQfXFN1T61zCdclNwXf3Qu bDI1m6cLkqmIhNL3Pbct =74Ul -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-06-12 21:12, Simon Becherer wrote:
(sorry for mailing also private to mathias, i still have not found out how to tell thunderbird to reply only to the list..)
You should have a button that says "reply to list", a bit to the right of the button that says "reply". I have it since years, I do not know if it has to be activated. -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.0 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
of the button that says "reply". I have it since years, I do not know if it has to be activated.
no i do not have it, and reply only reply's to private address. maybe newer version of thunderbird will have. this computer will (hopefuully) go in next couple of weeks offline if i got it managed to fix some stuff on new installation (... firewalld, and 2 more virtual machines) simoN Am 12.06.2018 um 21:24 schrieb Carlos E. R.:
On 2018-06-12 21:12, Simon Becherer wrote:
(sorry for mailing also private to mathias, i still have not found out how to tell thunderbird to reply only to the list..)
You should have a button that says "reply to list", a bit to the right of the button that says "reply". I have it since years, I do not know if it has to be activated.
- -- www.becherer.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iQIcBAEBAgAGBQJbIK8qAAoJEOuDxDCJWQG+KiEP/1jebdwLY8Z/7Rw4OmF/BUW+ pIeP5X6seUqBc984Z4mpHEOGaBbjTpRtRiC1zAHSOGkq/vLhyFVnZQAJgx6aVe1H tn/KLs5rlAWGsTgnU8FKeIQTW/8Y/UvQmMokCyml81w66SSxn0OiwdTVw+hasRYb xKrF7HnFwuVXDPgRD7k/XUXfIwa9H/8FECyTQtsQIfkBtdigkh+1FZq+pagHhhAf qHj4Duqkc0g3sZJ6aNQOXREbSS35ukGrid/wmWX9vjCyMSn9iUGNSvhVtKa6wGNJ 2vlPzuyZ0AA2Nc7wcnPgHikS1IHgyjSV7P+D6CF/SzRHxc4n5kMY3IBmw5UqM/3A SQ8jTtY3uRUg8xe+/mgv6SRwhY00D+v0aQDtIh5WsvHgQX0Sfk7hYIzLCKOOJ+Ic 3QWPp06eZqYFDu0A0EOdYojIBmJq2GrbLW8vkjbRqD6jSmxH+BYTktG8H2e9ne0T uyf63I9kskea1rZ94vJg1JZBGCxtwiqSMcWdYq1zOtsGSKGC4/fu4Yho3/aJOlb5 12OV7+bDkzEKRJENa8WzLgj/vIv+ugdjPpH4N6+ggQ5z8Fl/atkw8nX0XvIpXOUm Wh6d8PEM9ETRojlBb2uyKQjZiTGVJfdjEdb3cQM/aS5fdo+6i+W9Rv0EBwCZ+Brg c3LSiawKgKHEVRyai6T0 =d3+v -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-06-13 07:44, Simon Becherer wrote:
Hi,
of the button that says "reply". I have it since years, I do not know if it has to be activated.
no i do not have it, and reply only reply's to private address. maybe newer version of thunderbird will have. this computer will (hopefuully) go in next couple of weeks offline if i got it managed to fix some stuff on new installation (... firewalld, and 2 more virtual machines)
(I see your PGP signature correctly this time :-) ) The feature has existed for many years. But you are using Thunderbird/31.8.0, we are at 52.8... your's is old. Previously it was an addon. It appeared with version 3.0, per the comment in link below, and addon to disable this feature: <https://addons.mozilla.org/en-US/thunderbird/addon/disable-reply-list/> Bugzilla asking for the feature 18 years ago: <https://bugzilla.mozilla.org/show_bug.cgi?id=45715> RESOLVED FIXED in Thunderbird 3.0b3 So your old version should have it, unless disabled. <https://superuser.com/questions/1026789/reply-to-list-in-thunderbird> -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.0 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-06-12 19:20, Per Jessen wrote:
Hi simon,
thanks for the detailed explanation. it makes it more clear for me. so i decided today to asked a question about how to configure firewalld to work korrect with nfs. unfortunately i have not receifed any anwer up to now,
firewalld is brand new to openSUSE, not many people will have any experiences to share. In addition, running nfs over a firewall is a bit unusual, I would say.
No... I do all my ops inside my local network over firewalls on all the machines I control. So nfs over firewalls, of course I do it. With SuSEfirewalld since years. I would also do authentication, but I don't know how. With firewalld, no idea. -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.0 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 2018-06-12 19:20, Per Jessen wrote:
Hi simon,
thanks for the detailed explanation. it makes it more clear for me. so i decided today to asked a question about how to configure firewalld to work korrect with nfs. unfortunately i have not receifed any anwer up to now,
firewalld is brand new to openSUSE, not many people will have any experiences to share. In addition, running nfs over a firewall is a bit unusual, I would say.
No...
Yes. Ok, we have now have at least two people who run nfs over a firewall. I still suggest it is unusual. -- Per Jessen, Zürich (17.1°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-06-12 22:07, Per Jessen wrote:
Carlos E. R. wrote:
On 2018-06-12 19:20, Per Jessen wrote:
Hi simon,
thanks for the detailed explanation. it makes it more clear for me. so i decided today to asked a question about how to configure firewalld to work korrect with nfs. unfortunately i have not receifed any anwer up to now,
firewalld is brand new to openSUSE, not many people will have any experiences to share. In addition, running nfs over a firewall is a bit unusual, I would say.
No...
Yes. Ok, we have now have at least two people who run nfs over a firewall. I still suggest it is unusual.
3 :-) Mathias apparently does. Although my main motivation on using a firewall was to learn how to use it. And the fact that SuSEfirewall2 supports it explicitly means that it was considered important enough to be supported ;-) -- Cheers / Saludos, Carlos E. R. (from openSUSE, Leap 15.0 x86_64 (ssd-test)) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tuesday, 12 June 2018 21:07:11 BST Per Jessen wrote:
Carlos E. R. wrote:
On 2018-06-12 19:20, Per Jessen wrote:
Hi simon,
thanks for the detailed explanation. it makes it more clear for me. so i decided today to asked a question about how to configure firewalld to work korrect with nfs. unfortunately i have not receifed any anwer up to now,
firewalld is brand new to openSUSE, not many people will have any experiences to share. In addition, running nfs over a firewall is a bit unusual, I would say.
No...
Yes. Ok, we have now have at least two people who run nfs over a firewall. I still suggest it is unusual. My HA-cluster nodes are still running susefirewall on all network ports and uses drbd, nfs, pacemaker,corosync, iscsi and firewall session replication between the nodes. I have put off swapping to firewalld so far and now I am feeling more uncomfortable. Oh well I suppose I will eventually bite the bullet and enjoy myself fixing my cluster. I could always turn of the firewall on the data network
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Per Jessen <per@computer.org> [06-12-18 16:08]:
Carlos E. R. wrote:
On 2018-06-12 19:20, Per Jessen wrote:
Hi simon,
thanks for the detailed explanation. it makes it more clear for me. so i decided today to asked a question about how to configure firewalld to work korrect with nfs. unfortunately i have not receifed any anwer up to now,
firewalld is brand new to openSUSE, not many people will have any experiences to share. In addition, running nfs over a firewall is a bit unusual, I would say.
No...
Yes. Ok, we have now have at least two people who run nfs over a firewall. I still suggest it is unusual.
three and I have been doing so for quite some years. cifs also. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Patrick Shanahan wrote:
* Per Jessen <per@computer.org> [06-12-18 16:08]:
Carlos E. R. wrote:
On 2018-06-12 19:20, Per Jessen wrote:
Hi simon,
thanks for the detailed explanation. it makes it more clear for me. so i decided today to asked a question about how to configure firewalld to work korrect with nfs. unfortunately i have not receifed any anwer up to now,
firewalld is brand new to openSUSE, not many people will have any experiences to share. In addition, running nfs over a firewall is a bit unusual, I would say.
No...
Yes. Ok, we have now have at least two people who run nfs over a firewall. I still suggest it is unusual.
three
and I have been doing so for quite some years. cifs also.
Okay, I guess 4-5 users in the same situation makes it slightly less unusual, but never mind - key thing is, plenty of help for Simon's firewalld issue. :-) -- Per Jessen, Zürich (14.2°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (6)
-
Andrew Colvin -
Carlos E. R. -
Mathias Homann -
Patrick Shanahan -
Per Jessen -
Simon Becherer