Ah, sorry, I misunderstood.

Yes, if you're using only nfs4, all you need is 2049, none of the other stuff is needed. Sorry for the confusion.

On 03/01/2012 11:46 AM, "Weiergräber, Oliver H." wrote:
> Thanks a lot for your quick reply and the links therein. Actually I
> did find (and read) those references before, but this introductory
> page
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-nfs.html#s1-nfs-how
>
> contains a statement like:
> "NFS version 4 (NFSv4) works through firewalls and on the Internet,
> no longer requires an rpcbind service, ..." which made me wonder
> whether the steps treating the ports dynamically assigned by
> rpcbind might not be relevant if only NFS4 is in use.
>
> Oliver
>
> ================================================
> PD Dr. Oliver H. Weiergräber
> Institute of Complex Systems
> ICS-6: Structural Biochemistry
> Tel.: +49 2461 61-2028
> Fax: +49 2461 61-1448
> ================================================
>
> ________________________________________
> From: [email protected] [[email protected]] On Behalf Of [email protected] [[email protected]]
> Sent: Thursday, March 01, 2012 5:48 PM
> To: [email protected]
> Subject: Re: [rhelv6-list] NFS and iptables
>
> On 03/01/2012 10:39 AM, "Weiergräber, Oliver H." wrote:
>> Hello,
>
>> I am currently working through setting up NFS with RHEL 6,
>> trying to arrange with iptables (and SELinux) which, admittedly,
>> I used to disable in the past.
>
> I am really glad to hear that you're using SELinux, this is great
> news.
>
> You probably want to take a peek at, e.g.
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Booleans-Booleans_for_NFS_and_CIFS.html
>
> and
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Mounting_File_Systems-Mounting_an_NFS_File_System.html
>
>> Am I right thinking that when using NFS4, the one and only thing
>> to do is open port 2049 in iptables?
>
> Take a look at
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_NFS.html.
>
>> Redhat documentation is somewhat unclear with respect to port
>> requirements: In all examples they recommend to fix and open
>> several ports assigned by rpcbind, but nfs4 is said to not
>> require rpcbind at all!
>
> I don't know, there's a whole chapter on it at
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/ch-nfs.html
>
> Specifically
> http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s2-nfs-nfs-firewall-config.html
>
> talks about doing what you want.
>
> Hope this is helpful!
>
> _______________________________________________
> rhelv6-list mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/rhelv6-list

--
Thomas Cameron, RHCA, RHCSS, RHCDS, RHCVA, RHCX
Chief Architect, Canada and Central US
512-241-0774 office / 512-585-5631 cell
http://people.redhat.com/tcameron/
IRC: choirboy / AIM: rhelguy / Yahoo: rhce_guy / Google+ http://ongpl.us/tdc
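
An added example, not part of the original thread: a shell function that audits `iptables-save` output against the answer above (an NFSv4-only server needs just port 2049, not the rpcbind-related ports). The sample ruleset and the 192.0.2.0/24 client subnet are constructed; the check assumes single-port `--dport` rules on the INPUT chain and NFSv4 over TCP.

```shell
#!/bin/sh
# audit_nfs_rules: read iptables-save text on stdin and print one finding
# per relevant ACCEPT rule on the INPUT chain.
#   OK       -> the NFSv4 port (2049/tcp) is open
#   UNNEEDED -> a port that an NFSv4-only server does not need
#   MISSING  -> no rule accepts 2049/tcp at all
# Limitation: only plain "--dport N" rules are parsed (no multiport/ranges).
audit_nfs_rules() {
    awk '
    /^-A INPUT/ && /-j ACCEPT/ {
        port = ""; proto = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-p")      proto = $(i + 1)
        }
        if (port == "2049" && proto == "tcp") {
            print "OK nfs4 2049/tcp"; seen = 1
        } else if (port == "2049" && proto == "udp") {
            print "UNNEEDED nfs 2049/udp"
        } else if (port == "111") {
            print "UNNEEDED rpcbind 111/" proto
        }
    }
    END { if (!seen) print "MISSING nfs4 2049/tcp" }
    '
}

# Constructed sample: 2049/tcp limited to a client subnet, plus leftover
# rpcbind rules of the kind the NFSv2/v3 examples tell you to add.
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p udp -m udp --dport 111 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_RULES" | audit_nfs_rules
```

On a live server the same function can be fed with `iptables-save | audit_nfs_rules`.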
