"Andres Betancourt E." wrote: > The answer to ipchains-save is: > :input ACCEPT > :forward DENY > :output ACCEPT > Saving `forward'. > -A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ > -A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ > > this is correct? Yes, and no. While this set of rules isn't causing your NFS problems, it is unlikely that it is correct. I'll get into why at the bottom of this message.
IPCHAINS isn't causing your NFS problems. Could you please run 'netstat -l | grep nfs'? This command asks for a list of all network connections that at in the LISTEN state, listed by name, filtering out all connections that don't involve nfs. You should get a single line in response that looks like this: udp 0 0 *:nfs *:* If you don't get this line, NFS isn't listening. Let's check this first. Going back to the ipchains problem: If this machine is connected directly to an untrusted network (like the Internet), you need to add rules to block dangerous traffic. If it's connected to two trusted networks, you probably don't the need the MASQ lines. If it's connected to only one network, you don't need the MASQ lines. - From this output, we can see that ipchains isn't causing your NFS problem, since this setup leaves you wide open to all traffic coming from anywhere. - It also shows us that if /proc/sys/net/ipv4/ip_forward has a 1 in it, then forwarded traffic (that is, traffic that comes from other machines and isn't addressed to your machine) will be re-written to appear as if it came from your machine. This is correct if you are trying to hide the IP addresses on one network from machines on the second network; normally, you would do this only when one of the two networks wasn't trusted. --> I recommend you read up on firewalling. The IPCHAINS-HOWTO at the Linux Documentation Project at http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html is a good start. <-- Regard, David Johnston _____________________________________________________________________ Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto: https://lists.sourceforge.net/lists/listinfo/ltsp-discuss For additional LTSP help, try #ltsp channel on irc.openprojects.net
