On Wed, May 09, 2001 at 02:12:38PM -0700, Chris Majewski wrote:
> Mike Fedyk <[EMAIL PROTECTED]> writes:
>
> > Try rpcinfo, if that won't get through, you need to make sure that you let
> > through the statd port.
>
> Here's what rpcinfo says:
> [okocim]13:55:34[/etc]$ rpcinfo gw.krzys.com
> rpcinfo: can't contact rpcbind: : RPC: Unable to receive; errno = Connection
> refused; System error
>
> What's statd? I'm now doing the following on my firewall:
>
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -i eth0 -s 10.0.0.0/24 -j MASQ
> /usr/sbin/ipmasqadm portfw -f
> /usr/sbin/ipmasqadm portfw -a -P tcp -L 24.115.135.172 2222 -R 10.0.0.3 2222
> /usr/sbin/ipmasqadm portfw -a -P tcp -L 24.115.135.172 2049 -R 10.0.0.3 2049
> /usr/sbin/ipmasqadm portfw -a -P tcp -L 24.115.135.172 111 -R 10.0.0.3 111
>
> The last three correspond to sshd, nfs, and sunrpc, but I have no idea
> what I'm doing (sshd works, nfs doesn't).
>

Until you know how to use these tools, you shouldn't even try to do this:

lsof
netstat
tcpdump
nfs protocol and security considerations.

You are holding open a big garage door that's screaming "HACK ME! I WANT TO
GIVE ALL OF MY FILES AWAY, AND HAVE YOU DELETE THEM AFTERWARDS!"

You realize that nfs is worse than using telnet (over the internet), right?

> > Remember with nfs:
> >
> > Anyone can act as any of your users! I would set up an IPsec tunnel for this
> > myself if I did this at all.
>
> What's an IPsec tunnel and how do I set one up?
>

www.freeswan.org

You need to know how to compile your own kernel, use tcpdump, and debug
network issues. You can get help from the freeswan guys, but you should pick
up a networking book and read it NOW.

Post more about what you really want to achieve, and maybe we can help you
pick another solution that is more secure.

Mike
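
Added example, not part of the original thread: a shell check that reads ipmasqadm portfw rules like the ones quoted above and flags any that forward the sunrpc (111) or nfs (2049) port from a non-private address. The function name audit_portfw is hypothetical; the sample rules are copied from the quoted message.

```shell
#!/bin/sh
# Added example: flag ipmasqadm portfw rules that expose RPC/NFS ports on a
# public (non-RFC 1918) address. audit_portfw is a hypothetical helper name.

# Rules as quoted in the message above (used here as sample input).
SAMPLE_RULES='/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.115.135.172 2222 -R 10.0.0.3 2222
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.115.135.172 2049 -R 10.0.0.3 2049
/usr/sbin/ipmasqadm portfw -a -P tcp -L 24.115.135.172 111 -R 10.0.0.3 111'

# Reads rules on stdin; prints one "EXPOSED ..." line per risky forward.
# Exit status: 1 if anything was flagged, 0 otherwise.
audit_portfw() {
    awk '
    function is_private(ip,   o) {
        split(ip, o, ".")
        return (o[1] + 0 == 10) || (o[1] + 0 == 127) ||
               (o[1] + 0 == 172 && o[2] + 0 >= 16 && o[2] + 0 <= 31) ||
               (o[1] + 0 == 192 && o[2] + 0 == 168)
    }
    /ipmasqadm/ && /portfw/ {
        add = 0; proto = ""; laddr = ""; lport = ""; raddr = ""; rport = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-a") add = 1
            else if ($i == "-P") proto = $(i + 1)
            else if ($i == "-L") { laddr = $(i + 1); lport = $(i + 2) }
            else if ($i == "-R") { raddr = $(i + 1); rport = $(i + 2) }
        }
        # Only "-a" (add) rules with a public listen address matter here.
        if (!add || laddr == "" || is_private(laddr)) next
        svc = ""
        if (rport + 0 == 111 || lport + 0 == 111) svc = "sunrpc"
        else if (rport + 0 == 2049 || lport + 0 == 2049) svc = "nfs"
        if (svc != "") {
            printf "EXPOSED %s %s %s:%s -> %s:%s\n", svc, proto, laddr, lport, raddr, rport
            found = 1
        }
    }
    END { exit (found ? 1 : 0) }
    '
}

# Stand-alone run: audit the sample rules.
printf '%s\n' "$SAMPLE_RULES" | audit_portfw || echo "risky forwards found"
```
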