[linux] nfs + netfilter

riki phobie na host.sk
Monday January 28 18:51:27 CET 2002


OK then, how about allowing established and related connections with
iptables?

Martin Mosny, PosTel, a.s. wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi all,
> 
> I have a fairly big problem. I want to get an NFS server running on
> computer A, and I want computers B and C to be able to mount these
> shared directories.
> 
> But netfilter rules are set up on computer A. That in itself is not so
> bad, but when the nfs service is restarted, the ports in use change.
> 
> \\\\\\\ begin of snip \\\\\\\\\\\\
> [root na A init.d]# rpcinfo -p A
>    program vers proto   port
>     100000    2   tcp    111  portmapper
>     100000    2   udp    111  portmapper
>     100011    1   udp    967  rquotad
>     100011    2   udp    967  rquotad
>     100011    1   tcp    970  rquotad
>     100011    2   tcp    970  rquotad
>     100005    1   udp  33117  mountd
>     100005    1   tcp  41870  mountd
>     100005    2   udp  33117  mountd
>     100005    2   tcp  41870  mountd
>     100005    3   udp  33117  mountd
>     100005    3   tcp  41870  mountd
>     100003    2   udp   2049  nfs
>     100021    1   udp  33118  nlockmgr
>     100021    3   udp  33118  nlockmgr
> 
> [root na A init.d]# /etc/init.d/nfs stop
> Shutting down NFS mountd:                                  [  OK  ]
> Shutting down NFS daemon:                                  [  OK  ]
> Shutting down NFS services:                                [  OK  ]
> Shutting down NFS quotas:                                  [  OK  ]
> 
> [root na A init.d]# /etc/init.d/nfs start
> Starting NFS services:                                     [  OK  ]
> Starting NFS quotas:                                       [  OK  ]
> Starting NFS mountd:                                       [  OK  ]
> Starting NFS daemon:                                       [  OK  ]
> [root na A init.d]# rpcinfo -p A
>    program vers proto   port
>     100000    2   tcp    111  portmapper
>     100000    2   udp    111  portmapper
>     100011    1   udp    630  rquotad
>     100011    2   udp    630  rquotad
>     100011    1   tcp    633  rquotad
>     100011    2   tcp    633  rquotad
>     100005    1   udp  33118  mountd
>     100005    1   tcp  41871  mountd
>     100005    2   udp  33118  mountd
>     100005    2   tcp  41871  mountd
>     100005    3   udp  33118  mountd
>     100005    3   tcp  41871  mountd
>     100003    2   udp   2049  nfs
>     100021    1   udp  33119  nlockmgr
>     100021    3   udp  33119  nlockmgr
> 
> \\\\\\\\\\\\\\end of snip\\\\\\\\\\\\\\\\\\\
> 
> That is why I did not use restart there, because it gives the false
> impression that some ports stay the same.
> 
> Unblocking ports 2049+111 (tcp+udp) is not sufficient!!! The source ports
> from computers B and C change!!!! So that is not the right way either.
> 
> I also tried things like nfswatch and nfstrace, but somehow they are not
> ported to Linux (only Ultrix and the like).
> 
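
Because mountd, rquotad and nlockmgr come up on different ports after each restart, as the two rpcinfo listings show, one option is to regenerate the allow rules from the current `rpcinfo -p` output. The following is an added example, not part of the original thread; the client addresses 192.0.2.11 and 192.0.2.12 (standing in for B and C) and the use of the INPUT chain are assumptions.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` output into iptables allow rules.
# CLIENTS holds placeholder addresses for hosts B and C (assumption).
CLIENTS="192.0.2.11 192.0.2.12"

# Constructed sample input: rows taken from the second rpcinfo listing above.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp    630  rquotad
    100011    1   tcp    633  rquotad
    100005    1   udp  33118  mountd
    100005    3   tcp  41871  mountd
    100003    2   udp   2049  nfs
    100021    1   udp  33119  nlockmgr
    100021    3   udp  33119  nlockmgr
EOF
}

# Read rpcinfo -p output on stdin and print one rule per client and
# unique proto/port pair. Rules match source address and destination
# port only, so the clients' changing source ports do not matter.
gen_rules() {
    awk -v clients="$CLIENTS" '
        $4 ~ /^[0-9]+$/ && ($3 == "tcp" || $3 == "udp") {
            key = $3 " " $4
            if (seen[key]++) next      # program versions repeat the same port
            n = split(clients, c, " ")
            for (i = 1; i <= n; i++)
                printf "iptables -A INPUT -s %s -p %s --dport %s -j ACCEPT  # %s\n", c[i], $3, $4, $5
        }'
}

# Full rule set: reply traffic first, then the per-port client rules.
print_ruleset() {
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    gen_rules
}

# Stand-alone run on the sample; on the server use: rpcinfo -p | print_ruleset
sample_rpcinfo | print_ruleset
```

The output is only printed, so it can be reviewed before being applied as root, and it has to be regenerated after every NFS restart. Rules added with `-A` land at the end of the chain, so they must end up ahead of any final DROP or REJECT rule.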





