Mailinglist Archive: opensuse-security (499 mails)

Re: [suse-security] NFS-Server and Firewall
  • From: Peter van den Heuvel <peter@xxxxxxxxxxxxxxxx>
  • Date: Tue, 11 Jun 2002 13:20:25 +0200
  • Message-id: <3D05DCF9.170F07E8@xxxxxxxxxxxxxxxx>
> I have to set up an NFS-Server. I want to protect this server with
> SuSEfirewall2. The question is: What ports do I have to open? Of
> course I have to open port 111 (udp,tcp) and 2049 (udp,tcp). But that
> seems not to be enough. Every time I try to connect to the server the
> client connects to some other (randomly chosen?) ports (608, 922,
> 1024, ...).
I always explicitly specify port numbers to be used by RPC services. And
I prefer them to use privileged port numbers as well (so I added my own
entries to /etc/services). Like:

/sbin/rpc.portmap
/usr/sbin/rpc.mountd --port 635
/usr/sbin/rpc.nfsd --port 636
domainname `cat /etc/defaultdomain`
/usr/sbin/ypserv -p 637
/usr/sbin/ypbind
/usr/sbin/rpc.ypxfrd -p 638
/usr/sbin/rpc.yppasswdd --port 639

Otherwise you have to open an unacceptable range of ports. Besides,
these services are not externally exposed (yes, we segment and firewall
our internal network rather strictly). It's quite unlikely you would want
to expose NFS and co.

Peter
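
An added example, not part of the message above: a check that compares what the portmapper reports against the pinned ports, so firewall rules limited to those ports match what is actually registered. The function names, the program-number mapping (the usual /etc/rpc assignments) and the sample `rpcinfo -p` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Pinned ports keyed by RPC program number: the ports from the message above,
# plus portmapper on 111. Program numbers are the usual /etc/rpc assignments.
PINNED="100000:111 100005:635 100003:636 100004:637 600100069:638 100009:639"

# Reads `rpcinfo -p` output on stdin, prints "program service proto port" for
# every registration that is not on its pinned port, and returns 1 if any exist.
check_rpc_ports() {
    awk -v pinned="$PINNED" '
        BEGIN {
            n = split(pinned, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, ":"); want[kv[1]] = kv[2] }
        }
        $1 ~ /^[0-9]+$/ {                       # skips the header line
            if (!($1 in want) || want[$1] != $4) {
                print $1, ($5 == "" ? "-" : $5), $3, $4
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample output, not captured from a real host. ypbind is started
# without a port option in the list above, so it shows up on dynamic ports.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    635  mountd
    100005    1   tcp    635  mountd
    100003    2   udp    636  nfs
    100004    2   udp    637  ypserv
 600100069    1   tcp    638  fypxfrd
    100009    1   udp    639  yppasswdd
    100007    2   udp    922  ypbind
    100007    2   tcp   1024  ypbind
EOF
}

# On the server itself: rpcinfo -p | check_rpc_ports
sample_rpcinfo | check_rpc_ports || echo "registrations outside the pinned ports (listed above)"
```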
