> Date: Wed, 12 Jan 2000 14:25:32 -0500
> From: "Ivan Fox" <[EMAIL PROTECTED]>
> Subject: NFS
>
> Is it secure to have NFS traffic between DMZ and behind firewall?  What
> are the ports used by NFS?
>
> Any comments/suggestions are welcome.
>
> Thanks,
>
> Ivan

Hello Mr. Fox and firewall fellows,

I suggest that you do not share filesystems to untrusted
networks. And if you have to do it, use encryption. If you
are going to share files which have anything confidential, it is
just better not to do it. In this case confidential is
everything that you do not want to end up with Willy the Cracker
himself _and_ configurations _and_ information about systems
behind your firewall.

Usually there are better ways to share files than NFS. One way
to do it is to copy what is needed manually to the DMZ. Another good
suggestion is encrypted ftp. Use your imagination how to
transfer files and you will probably come up with something much
better than NFS.

The port... it is not as trivial as you might think. First
you should tell us which NFS you are using. Then I or any
other person can find it from the following list (if we are
lucky):

9pfs              564/tcp    plan 9 file service
9pfs              564/udp    plan 9 file service
nfsd-status       1110/tcp   Cluster status info
nfsd-keepalive    1110/udp   Client status info
picknfs           1598/tcp   picknfs
picknfs           1598/udp   picknfs
nfs               2049/tcp   Network File System - Sun Microsystems
nfs               2049/udp   Network File System - Sun Microsystems
3d-nfsd           2323/tcp   3d-nfsd
3d-nfsd           2323/udp   3d-nfsd
mediacntrlnfsd    2363/tcp   Media Central NFSD 
mediacntrlnfsd    2363/udp   Media Central NFSD
fsportmap         4349/tcp   File System Port Map
fsportmap         4349/udp   File System Port Map
afs3-fileserver   7000/tcp   file server itself
afs3-fileserver   7000/udp   file server itself
afs3-callback     7001/tcp   callbacks to cache managers
afs3-callback     7001/udp   callbacks to cache managers
afs3-prserver     7002/tcp   users & groups database
afs3-prserver     7002/udp   users & groups database
afs3-vlserver     7003/tcp   volume location database
afs3-vlserver     7003/udp   volume location database
afs3-kaserver     7004/tcp   AFS/Kerberos authentication service
afs3-kaserver     7004/udp   AFS/Kerberos authentication service
afs3-volser       7005/tcp   volume managment server
afs3-volser       7005/udp   volume managment server
afs3-errors       7006/tcp   error interpretation service
afs3-errors       7006/udp   error interpretation service
afs3-bos          7007/tcp   basic overseer process
afs3-bos          7007/udp   basic overseer process
afs3-update       7008/tcp   server-to-server updater
afs3-update       7008/udp   server-to-server updater
afs3-rmtsys       7009/tcp   remote cache manager service
afs3-rmtsys       7009/udp   remote cache manager service

Those ports and many others you can find from
http://www.isi.edu/in-notes/iana/assignments/port-numbers

Best regards
Sami

===
         (__) Sami Kerola
         (oo) RTT Ohjelmistopankki Oy
  /-------\/  Rantakatu 8        phone  +358 8  2104210
 / |     ||   92100 RAAHE        mobile +358 50 3438138
*  ||----||   FINLAND            fax    +358 8  2104201
   ^^    ^^   http://www.ohjelmistopankki.fi/
  My PGP key  http://www.pgp.net/wwwkeys.html
