Re: [CentOS] firewalled NFS

2008-06-06 Thread Jordi Prats
of course...

On Wed, Jun 4, 2008 at 8:28 PM, mouss [EMAIL PROTECTED] wrote:
 Jordi Prats wrote:

 I've no iptables, I'm using a PIX to firewall them :)


 Did you open the ports on the PIX?

 On Wed, Jun 4, 2008 at 1:53 AM, Jay Leafey [EMAIL PROTECTED] wrote:


 Jordi Prats wrote:


 Hi,
 I'm trying to set up a firewalled NFS server. I've configured my server
 (CentOS 5) using the following parameters
 /etc/sysconfig/nfs
 MOUNTD_NFS_V1=no
 MOUNTD_NFS_V2=no
 RQUOTAD_PORT=875
 LOCKD_TCPPORT=32803
 LOCKD_UDPPORT=32769
 RPCNFSDCOUNT=64
 MOUNTD_PORT=892
 STATD_PORT=662
 STATD_OUTGOING_PORT=2020
 SECURE_NFS=yes


 modprobe.conf:
 options lockd nlm_udpport=4001 nlm_tcpport=4001


 But it does not mount it:
 # mount 172.20.0.150:/tmp/ /mnt/tmp/
 mount: mount to NFS server '172.20.0.150' failed: timed out (giving up).

 Is there anything else I must set up to use fixed ports?

 Thanks,


 It may be an obvious question, but did you open the ports in iptables? I use
 a similar scheme on my NFS servers to fix the ports and it just doesn't
 work at ALL unless those ports are opened up in iptables.  I use different
 ports, but here's the lines I inserted into my /etc/sysconfig/iptables file
 to get NFS working on the server:



 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
 -A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT


 You'll have to alter the '--dports' and '-s' parameters to match the ports
 and IP address range you are using.

 Hope that helps!
 --
 Jay Leafey - Memphis, TN
 [EMAIL PROTECTED]

 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos












-- 
Jordi


Re: [CentOS] firewalled NFS

2008-06-06 Thread Tru Huynh
On Fri, Jun 06, 2008 at 08:54:05AM +0200, Jordi Prats wrote:
 of course...

please delete the unneeded lines when you reply as a courtesy 
to the other subscribers.

Thanks,

Tru
-- 
Tru Huynh (mirrors, CentOS-3 i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B




Re: [CentOS] firewalled NFS

2008-06-04 Thread Jordi Prats
I've no iptables, I'm using a PIX to firewall them :)

On Wed, Jun 4, 2008 at 1:53 AM, Jay Leafey [EMAIL PROTECTED] wrote:
 Jordi Prats wrote:

 Hi,
 I'm trying to set up a firewalled NFS server. I've configured my server
 (CentOS 5) using the following parameters
 /etc/sysconfig/nfs
 MOUNTD_NFS_V1=no
 MOUNTD_NFS_V2=no
 RQUOTAD_PORT=875
 LOCKD_TCPPORT=32803
 LOCKD_UDPPORT=32769
 RPCNFSDCOUNT=64
 MOUNTD_PORT=892
 STATD_PORT=662
 STATD_OUTGOING_PORT=2020
 SECURE_NFS=yes


 modprobe.conf:
 options lockd nlm_udpport=4001 nlm_tcpport=4001


 But it does not mount it:
 # mount 172.20.0.150:/tmp/ /mnt/tmp/
 mount: mount to NFS server '172.20.0.150' failed: timed out (giving up).

 Is there anything else I must set up to use fixed ports?

 Thanks,

 It may be an obvious question, but did you open the ports in iptables? I use
 a similar scheme on my NFS servers to fix the ports and it just doesn't
 work at ALL unless those ports are opened up in iptables.  I use different
 ports, but here's the lines I inserted into my /etc/sysconfig/iptables file
 to get NFS working on the server:

 -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
 -A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT

 You'll have to alter the '--dports' and '-s' parameters to match the ports
 and IP address range you are using.

 Hope that helps!
 --
 Jay Leafey - Memphis, TN
 [EMAIL PROTECTED]






-- 
Jordi


Re: [CentOS] firewalled NFS

2008-06-04 Thread mouss

Jordi Prats wrote:

I've no iptables, I'm using a PIX to firewall them :)
  


Did you open the ports on the PIX?


On Wed, Jun 4, 2008 at 1:53 AM, Jay Leafey [EMAIL PROTECTED] wrote:
  

Jordi Prats wrote:


Hi,
I'm trying to set up a firewalled NFS server. I've configured my server
(CentOS 5) using the following parameters
/etc/sysconfig/nfs
MOUNTD_NFS_V1=no
MOUNTD_NFS_V2=no
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
RPCNFSDCOUNT=64
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020
SECURE_NFS=yes


modprobe.conf:
options lockd nlm_udpport=4001 nlm_tcpport=4001


But it does not mount it:
# mount 172.20.0.150:/tmp/ /mnt/tmp/
mount: mount to NFS server '172.20.0.150' failed: timed out (giving up).

Is there anything else I must set up to use fixed ports?

Thanks,
  

It may be an obvious question, but did you open the ports in iptables? I use
a similar scheme on my NFS servers to fix the ports and it just doesn't
work at ALL unless those ports are opened up in iptables.  I use different
ports, but here's the lines I inserted into my /etc/sysconfig/iptables file
to get NFS working on the server:



-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
  

You'll have to alter the '--dports' and '-s' parameters to match the ports
and IP address range you are using.

Hope that helps!
--
Jay Leafey - Memphis, TN
[EMAIL PROTECTED]








  




[CentOS] firewalled NFS

2008-06-03 Thread Jordi Prats
Hi,
I'm trying to set up a firewalled NFS server. I've configured my server
(CentOS 5) using the following parameters
/etc/sysconfig/nfs
MOUNTD_NFS_V1=no
MOUNTD_NFS_V2=no
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
RPCNFSDCOUNT=64
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020
SECURE_NFS=yes


modprobe.conf:
options lockd nlm_udpport=4001 nlm_tcpport=4001


But it does not mount it:
# mount 172.20.0.150:/tmp/ /mnt/tmp/
mount: mount to NFS server '172.20.0.150' failed: timed out (giving up).

Is there anything else I must set up to use fixed ports?

Thanks,
-- 
Jordi


Re: [CentOS] firewalled NFS

2008-06-03 Thread Jay Leafey

Jordi Prats wrote:

Hi,
I'm trying to set up a firewalled NFS server. I've configured my server
(CentOS 5) using the following parameters
/etc/sysconfig/nfs
MOUNTD_NFS_V1=no
MOUNTD_NFS_V2=no
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
RPCNFSDCOUNT=64
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020
SECURE_NFS=yes


modprobe.conf:
options lockd nlm_udpport=4001 nlm_tcpport=4001


But it does not mount it:
# mount 172.20.0.150:/tmp/ /mnt/tmp/
mount: mount to NFS server '172.20.0.150' failed: timed out (giving up).

Is there anything else I must set up to use fixed ports?

Thanks,


It may be an obvious question, but did you open the ports in iptables? 
I use a similar scheme on my NFS servers to fix the ports and it just 
doesn't work at ALL unless those ports are opened up in iptables.  I use 
different ports, but here's the lines I inserted into my 
/etc/sysconfig/iptables file to get NFS working on the server:



-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT


You'll have to alter the '--dports' and '-s' parameters to match the 
ports and IP address range you are using.


Hope that helps!
--
Jay Leafey - Memphis, TN
[EMAIL PROTECTED]
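
Added example, not part of the thread and not code from either poster: a script that reads the settings from the original post, lists the inbound ports a firewall in front of the server has to permit, and reports where /etc/sysconfig/nfs and modprobe.conf give lockd different ports. The source network 172.20.0.0/24 is an assumption (the thread does not state the client range), and the rule text follows the form Jay posted.

```shell
# Settings copied from the original post, embedded so this runs offline.
NFS_SYSCONFIG='RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020'
MODPROBE_CONF='options lockd nlm_udpport=4001 nlm_tcpport=4001'

# get_var NAME: value assigned to NAME in the sysconfig text (empty if unset).
get_var() {
    printf '%s\n' "$NFS_SYSCONFIG" | sed -n "s/^$1=//p" | tail -n 1
}

# get_modopt NAME: value of a lockd module option (empty if unset).
get_modopt() {
    printf '%s\n' "$MODPROBE_CONF" | grep '^options lockd ' |
        tr ' ' '\n' | sed -n "s/^$1=//p" | tail -n 1
}

# inbound_ports tcp|udp: sorted, comma-separated ports the server listens on.
# 111 is the portmapper and 2049 is nfsd. STATD_OUTGOING_PORT is left out:
# it is the source port of statd's outbound calls, not a listener.
inbound_ports() {
    lock=$(get_var "LOCKD_$(echo "$1" | tr a-z A-Z)PORT")
    for p in 111 2049 "$(get_var RQUOTAD_PORT)" "$(get_var MOUNTD_PORT)" "$(get_var STATD_PORT)" "$lock"; do
        if [ -n "$p" ]; then printf '%s\n' "$p"; fi
    done | sort -n | paste -s -d, -
}

# lockd_conflicts: one line per protocol where the two files disagree.
lockd_conflicts() {
    for proto in tcp udp; do
        s=$(get_var "LOCKD_$(echo "$proto" | tr a-z A-Z)PORT")
        m=$(get_modopt "nlm_${proto}port")
        if [ -n "$s" ] && [ -n "$m" ] && [ "$s" != "$m" ]; then
            echo "lockd $proto: sysconfig=$s modprobe=$m"
        fi
    done
}

# emit_rules SRC: ACCEPT rules in the form Jay posted, for source network SRC.
emit_rules() {
    for proto in tcp udp; do
        echo "-A RH-Firewall-1-INPUT -m state --state NEW -m $proto -m multiport -p $proto -s $1 --dports $(inbound_ports "$proto") -j ACCEPT"
    done
}
lockd_conflicts
emit_rules 172.20.0.0/24   # assumed client network, not stated in the thread
```

On a firewall other than iptables, such as the PIX in this thread, the same port list applies and only the rule syntax differs.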

