Could anybody help me with the correct rules to allow a client to connect to an NFS share on my Linux box/firewall?

From what I understand from some howto's on the net is that there are several daemons that are required to make NFS work.

Some rules I found in the NFS howto:

iptables -A INPUT -f -j ACCEPT -s 192.168.0.45
iptables -A INPUT -s 192.168.0.45 -d 0/0 32765:32768 -p 6 -j ACCEPT
iptables -A INPUT -s 192.168.0.45 -d 0/0 32765:32768 -p 17 -j ACCEPT
iptables -A INPUT -s 192.168.0.45 -d 0/0 2049 -p 17 -j ACCEPT
iptables -A INPUT -s 192.168.0.45 -d 0/0 2049 -p 6 -j ACCEPT
iptables -A INPUT -s 192.168.0.45 -d 0/0 111 -p 6 -j ACCEPT
iptables -A INPUT -s 192.168.0.45 -d 0/0 111 -p 17 -j ACCEPT

But how do I turn this into shorewall rules?

Remco Barendse wrote:
> Could anybody help me with the correct rules to allow a client to connect
> to an NFS share on my Linux box/firewall?
>
> From what I understand from some howto's on the net is that there are
> several daemons that are required to make NFS work.
>
> Some rules I found in the NFS howto:

<rules deleted>

>
> But how do I turn this into shorewall rules?

To allow clients in zone z1 to access an NFS server at address a.b.c.d in z2:

ACCEPT z1 z2:a.b.c.d udp 111
ACCEPT z1 z2:a.b.c.d udp 2049
ACCEPT z1 z2:a.b.c.d udp 32700:

That's what I'm using here at any rate.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net

Thanx for the super quick reply!

Isn't the last rule a port range and what should be the last port?

Thanx again!

Remco

On Fri, 7 Feb 2003, Tom Eastep wrote:
>
> Remco Barendse wrote:
> > Could anybody help me with the correct rules to allow a client to connect
> > to an NFS share on my Linux box/firewall?
> >
> > From what I understand from some howto's on the net is that there are
> > several daemons that are required to make NFS work.
> >
> > Some rules I found in the NFS howto:
> >
> > <rules deleted>
> >
> > But how do I turn this into shorewall rules?
>
> To allow clients in zone z1 to access an NFS server at address a.b.c.d
> in z2:
>
> ACCEPT z1 z2:a.b.c.d udp 111
> ACCEPT z1 z2:a.b.c.d udp 2049
> ACCEPT z1 z2:a.b.c.d udp 32700:
>
> That's what I'm using here at any rate.
>
> -Tom
>

Remco Barendse wrote:
> Thanx for the super quick reply!
>
> Isn't the last rule a port range and what should be the last port?
>

It is a perfectly valid port range just the way it is -- the implied last port is 65535.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://www.shorewall.net
Washington USA  \ teastep@shorewall.net
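
Added example, not part of the thread or of Shorewall itself: the open-ended range 32700: above covers every port up to 65535, so this sketch instead builds the rules from the ports the NFS daemons have actually registered with the portmapper. It assumes the usual `rpcinfo -p` column layout and that the helper daemons' ports are pinned (as the howto's 32765:32768 range implies), since otherwise the generated rules go stale after a restart; the sample listing is constructed, and z1, z2 and a.b.c.d are the thread's placeholders.

```sh
#!/bin/sh
# Added example: derive Shorewall NFS rules from `rpcinfo -p` output.
# z1, z2 and a.b.c.d are the thread's placeholders.

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    4   udp  32768  nlockmgr
    100021    4   tcp  32768  nlockmgr
EOF
}

# nfs_rules SOURCE DEST: read `rpcinfo -p` output on stdin and print one
# ACCEPT rule per protocol listing only the ports the NFS services registered.
nfs_rules() {
    # Keep data rows for the NFS-related services, as "proto port" pairs.
    awk '$4 ~ /^[0-9]+$/ &&
         $5 ~ /^(portmapper|status|mountd|nfs|nlockmgr)$/ { print $3, $4 }' |
    # Drop duplicates (several versions share a port) and sort numerically.
    LC_ALL=C sort -u -k1,1 -k2,2n |
    # Join the ports of each protocol into one comma-separated rule.
    awk -v src="$1" -v dst="$2" '
        $1 != proto {
            if (proto != "") print line
            proto = $1
            line = "ACCEPT " src " " dst " " $1 " " $2
            next
        }
        { line = line "," $2 }
        END { if (proto != "") print line }'
}

sample_rpcinfo | nfs_rules z1 z2:a.b.c.d
```

On the NFS server itself the input would come from `rpcinfo -p | nfs_rules z1 z2:a.b.c.d`; TCP rules appear only when the services are registered on TCP.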