Thanks for the advice! Being a newbie I could really use a little more direction for how to go about setting up such a VPN connection. I really don't have a clue where to start. Pretty much everytthing I do in linux is done by following step-by-step how-to's.
Your help would be greatly appreciated. thanks, john On Sat, 2003-05-31 at 21:57, Michael Torrie wrote: > On Sat, 2003-05-31 at 21:19, John Noll wrote: > > I've been trying to set up nfs for quite some time now. I found a good > > how-to and I've gone through the RedHat documentation. From what I have > > read it seems the only reason I cannot mount the share I've set up on > > the nfs server is the firewall on the server. My nfs server is just my > > desktop running redhat 9. The graphical "security level configuration" > > tool gives me the option to allow services like http, ftp, ssh, etc. but > > I don't see anything about nfs. > > Punching NFS through the firewall is extremely difficult. This is > because NFS doesn't run on a certain port all the time. Instead, the > client usually connects to the Portmapper (which does run on a specific > port) and asks for the nfs port. Then it connects to that. Since the > NFS port is always different, you have to write a script that queries > the portmapper for the NFS port and then opens up a hole for that. This > is commonly done to allow some nfs access into a DMZ, for example. > Apparently Ed Schaller has written scripts to do this before. > > I would highly avoid punching nfs through the firewall. NFS is > extremely insecure and you cannot trust the clients. > > The most secure way to connect machine a to machine b's nfs through a > firewall is, in my opinion, to set up a VPN connection (say using CIPE, > which RH9's wizard supports). > > > Michael > > > > > I've seen a lot of posts about firewalls over the past few months and it > > seems pretty daunting. I'm just trying to change the configuration > > enough to allow my desktop to mount an nfs share hosted on my desktop. > > > > Any help? > > > > thank you, > > > > john > > > > > > _______________________________________________ > > newbies mailing list > > [EMAIL PROTECTED] > > http://phantom.byu.edu/cgi-bin/mailman/listinfo/newbies > > _______________________________________________ > newbies mailing list > [EMAIL PROTECTED] > http://phantom.byu.edu/cgi-bin/mailman/listinfo/newbies _______________________________________________ newbies mailing list [EMAIL PROTECTED] http://phantom.byu.edu/cgi-bin/mailman/listinfo/newbies
