Firewall Wizards mailing list archives
Configuring firewall with nfs - problem!
From: Johan Glimming <glimming () nada kth se>
Date: Mon, 19 May 2003 14:12:46 +0200 (CEST)
Dear All,

I have a problem with my Redhat 9 installation. I am trying to enable NFS but the respective ports are rejected. This is the contents of my /etc/sysconfig/iptables, i.e. the firewall rules:

# Enable NFS, Webb, FTP, SSH for sputnik
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
# NFS rules
-A INPUT -f -j ACCEPT -s 192.168.0.5
-A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 32765:32768 -j ACCEPT
-A INPUT -s 192.168.0.5 -p udp -m udp -d 0/0 --dport 32765:32768 -i eth0 -j ACCEPT
-A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.0.5 -p udp -m udp -d 0/0 --dport 2049 -i eth0 -j ACCEPT
-A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -s 192.168.0.5 -p udp -m udp --dport 111 -j ACCEPT
# Other rules
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 10.0.0.1 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 10.0.0.2 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT

As you see, the server is 192.168.0.4 and the client is 192.168.0.5. I want to set up rules such that only the client 192.168.0.5 can access NFS in my 192.168.0.4 server, hence the -s parameters.

I appreciate some help,
Johan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
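
The rule order in the post above, traced as an added example (not part of the original message and not Red Hat's tooling): iptables stops at the first terminating match, so this sketch walks an abridged copy of the posted rules for the client's NFS packets, then the same rules with the INPUT jump moved last. The parser, the packet dictionaries and the helper reordered() are illustrative assumptions; only host addresses and the options used in the post are modelled.

```python
import shlex

# Abridged copy of the posted rules, in the posted order.
RULES = """\
-A INPUT -j RH-Lokkit-0-50-INPUT
-A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.0.5 -p udp -m udp -d 0/0 --dport 2049 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
"""

def parse(text):
    """Return {chain: [(matches, target, raw_line), ...]} in file order."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        m, i = {}, 2
        while i < len(tok):
            if tok[i] == "--syn":          # the only flag without a value here
                m["--syn"] = True; i += 1
            else:
                m[tok[i]] = tok[i + 1]; i += 2
        chains.setdefault(tok[1], []).append((m, m.pop("-j"), line))
    return chains

def matches(m, pkt):
    """Assumption: -s is a single host; -d 0/0 and -m are treated as no-ops."""
    lo, _, hi = m.get("--dport", "0:65535").partition(":")
    return (m.get("-s", pkt["src"]) == pkt["src"]
            and m.get("-p", pkt["proto"]) == pkt["proto"]
            and m.get("-i", pkt["iface"]) == pkt["iface"]
            and int(lo) <= pkt["dport"] <= int(hi or lo)
            and (not m.get("--syn") or pkt["syn"]))

def verdict(chains, pkt, chain="INPUT", policy="ACCEPT"):
    """Walk a chain top-down; return (target, deciding rule)."""
    for m, target, line in chains[chain]:
        if matches(m, pkt):
            if target not in chains:       # ACCEPT / REJECT end the walk
                return target, line
            hit = verdict(chains, pkt, target, policy=None)
            if hit:                        # user chain decided; else fall through
                return hit
    return (policy, "policy of " + chain) if policy else None

def reordered(text):
    """One possible ordering: the INPUT jump after the per-host rules."""
    lines = text.splitlines()
    return "\n".join(lines[1:] + lines[:1])

CHAINS = parse(RULES)
NFS_UDP = dict(src="192.168.0.5", proto="udp", dport=2049, iface="eth0", syn=False)
NFS_SYN = dict(src="192.168.0.5", proto="tcp", dport=2049, iface="eth0", syn=True)
```

Calling verdict(CHAINS, NFS_UDP) returns the deciding rule alongside the target, which shows which line of the file a given packet actually reaches.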