On 03/01/2012 10:39 AM, "Weiergräber, Oliver H." wrote:
> Hello,
>
> I am currently working through setting up NFS with RHEL 6, trying
> to arrange with iptables (and SELinux) which, admittedly, I used to
> disable in the past.

I am really glad to hear that you're using SELinux, this is great news. You probably want to take a peek at, e.g.
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS.html
and
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html

> Am I right thinking that when using NFS4, the one and only thing to
> do is open port 2049 in iptables?

Take a look at
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NFS.html

> Redhat documentation is somewhat unclear with respect to port
> requirements: In all examples they recommend to fix and open
> several ports assigned by rpcbind, but nfs4 is said to not require
> rpcbind at all!

I don't know, there's a whole chapter on it at
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-nfs.html

Specifically
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s2-nfs-nfs-firewall-config.html
talks about doing what you want.

Hope this is helpful!

-- 
Thomas Cameron, RHCA, RHCSS, RHCDS, RHCVA, RHCX
Chief Architect, Canada and Central US
512-241-0774 office / 512-585-5631 cell
http://people.redhat.com/tcameron/
IRC: choirboy / AIM: rhelguy / Yahoo: rhce_guy / Google+ http://ongpl.us/tdc
