Can't you just allow udp from your nfs server ip?

in rc.firewall:

${fwcmd} add pass udp from ${ip} to NFS-SERVER
${fwcmd} add pass udp from NFS-SERVER to ${ip}

Milan

On Thu, 10 May 2001, Cy Schubert - ITSD Open Systems Group wrote:

> In message <[EMAIL PROTECTED]>, Alfred Perlstein writes:
> > * Sam <[EMAIL PROTECTED]> [010509 17:32] wrote:
> > > does anyone know what rules one needs to get nfs through ipfw?
> > >
> > > thank you so much, Sam
> >
> > Please do a web search, the way RPC services are done it's a difficult
> > task to accomplish.
>
> Not only difficult but leaves large enough holes in your firewall to
> drive a Mack truck through it.
>
> Even if you could mitigate the holes in your firewall, the NFS protocol
> is extremely insecure which can lead to total compromise of your site.
> If both sites are trusted, e.g. managed by you personally, you could
> set up a VPN tunnel between both sites and route your NFS traffic
> through it. Having said that, I personally don't even allow NFS
> traffic through my VPN tunnels, as I try to keep sites as separate as
> possible reducing the risk of total compromise, should one of the sites
> be compromised, by containing any damage to only one site and if I can
> to one machine.
>
>
> Regards,                       Phone:  (250)387-8437
> Cy Schubert                      Fax:  (250)387-5766
> Team Leader, Sun/Alpha Team    Internet:  [EMAIL PROTECTED]
> Open Systems Group, ITSD, ISTA
> Province of BC
>
>
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-stable" in the body of the message
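
Added example (not part of the thread, and not code from any poster): the difficulty with RPC services mentioned above is that only the portmapper (111) and normally nfsd (2049) sit on fixed ports, while mountd, the lock manager and statd register whatever port they were handed at start-up. This sh sketch reads `rpcinfo -p` output and prints rc.firewall-style rules scoped to the registered ports instead of all UDP; the function names, the sample listing and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p NFS-SERVER` output (not from the thread).
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp   1023  mountd
    100005    3   udp   1023  mountd
    100005    1   tcp   1023  mountd
    100021    1   udp   1011  nlockmgr
    100024    1   udp   1008  status'

# Read `rpcinfo -p` text on stdin; print the unique UDP ports of the RPC
# services an NFS mount depends on, comma-separated in numeric order.
nfs_udp_ports() {
    awk '$3 == "udp" && $5 ~ /^(portmapper|rpcbind|nfs|mountd|nlockmgr|status)$/ { print $4 }' |
        sort -n -u | paste -s -d, -
}

# nfs_rules CLIENT SERVER: read `rpcinfo -p` text on stdin and print ipfw
# rules in the rc.firewall style used in the thread.
nfs_rules() {
    client=$1
    server=$2
    ports=$(nfs_udp_ports)
    if [ -z "$ports" ]; then
        echo "no NFS-related RPC services in input" >&2
        return 1
    fi
    echo "\${fwcmd} add pass udp from ${client} to ${server} ${ports}"
    echo "\${fwcmd} add pass udp from ${server} ${ports} to ${client}"
    # Non-first IP fragments carry no UDP header, so the port-scoped rules
    # above cannot match them; large NFS reads/writes over UDP do fragment.
    echo "\${fwcmd} add pass udp from ${client} to ${server} frag"
    echo "\${fwcmd} add pass udp from ${server} to ${client} frag"
}

# Stand-alone run on the constructed sample; on a real host, pipe in
# the output of `rpcinfo -p NFS-SERVER` instead.
printf '%s\n' "$SAMPLE_RPCINFO" | nfs_rules 192.0.2.10 192.0.2.1
```

The ports other than 111 and 2049 can change whenever the server's RPC daemons restart, so rules generated this way go stale and have to be regenerated; they also do nothing about the weakness of NFS itself that Cy describes.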