[linux] nfs + netfilter

Martin Mosny, PosTel, a.s. mmosny na postel.sk
Pondělí Leden 28 18:57:21 CET 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

su ale nepomaha:((

On Mon, 28 Jan 2002, riki wrote:

> no dobre a co tak povolit pomocou iptables established a related
> connectiony?
>
> Martin Mosny, PosTel, a.s. wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > ahojte
> >
> > mam jeden dost velky problem. Chcem na pocitaci A rozchodit nfs server,
> > chcem aby pocitac B a C si mohli tieto shared directories mountnut.
> >
> > Ale na pocitaci A su nastavene netfilter pravidla, to nie je az take zle,
> > ale pri restarte nfs sluzby sa menia pouzivane porty.
> >
> > \\\\\\\ begin of snip \\\\\\\\\\\\
> > [root na A init.d]# rpcinfo -p A
> >    program vers proto   port
> >     100000    2   tcp    111  portmapper
> >     100000    2   udp    111  portmapper
> >     100011    1   udp    967  rquotad
> >     100011    2   udp    967  rquotad
> >     100011    1   tcp    970  rquotad
> >     100011    2   tcp    970  rquotad
> >     100005    1   udp  33117  mountd
> >     100005    1   tcp  41870  mountd
> >     100005    2   udp  33117  mountd
> >     100005    2   tcp  41870  mountd
> >     100005    3   udp  33117  mountd
> >     100005    3   tcp  41870  mountd
> >     100003    2   udp   2049  nfs
> >     100021    1   udp  33118  nlockmgr
> >     100021    3   udp  33118  nlockmgr
> >
> > [root na A init.d]# /etc/init.d/nfs stop
> > Shutting down NFS mountd:                                  [  OK  ]
> > Shutting down NFS daemon:                                  [  OK  ]
> > Shutting down NFS services:                                [  OK  ]
> > Shutting down NFS quotas:                                  [  OK  ]
> >
> > [root na A init.d]# /etc/init.d/nfs start
> > Starting NFS services:                                     [  OK  ]
> > Starting NFS quotas:                                       [  OK  ]
> > Starting NFS mountd:                                       [  OK  ]
> > Starting NFS daemon:                                       [  OK  ]
> > [root na A init.d]# rpcinfo -p A
> >    program vers proto   port
> >     100000    2   tcp    111  portmapper
> >     100000    2   udp    111  portmapper
> >     100011    1   udp    630  rquotad
> >     100011    2   udp    630  rquotad
> >     100011    1   tcp    633  rquotad
> >     100011    2   tcp    633  rquotad
> >     100005    1   udp  33118  mountd
> >     100005    1   tcp  41871  mountd
> >     100005    2   udp  33118  mountd
> >     100005    2   tcp  41871  mountd
> >     100005    3   udp  33118  mountd
> >     100005    3   tcp  41871  mountd
> >     100003    2   udp   2049  nfs
> >     100021    1   udp  33119  nlockmgr
> >     100021    3   udp  33119  nlockmgr
> >
> > \\\\\\\\\\\\\\end of snip\\\\\\\\\\\\\\\\\\\
> >
> > preto tam nie je restart, lebo vznika klamny dojem, ze niektore porty
> > ostavaju.
> >
> > Odblokovanie portov 2049+111(tcp+udp), nie je postacujuce!!! Source porty
> > z pocitaca B a C sa menia!!!! takze ani to nie je spravna cesta.
> >
> > Skusal som aj take veci nfswatch a nfstrace, ale nejako nie su portovane
> > na linux (len ultrix a podobne).
> >
>
>
>
> _______________________________________________
> http://lists.linux.sk/listinfo/linux
> http://search.lists.linux.sk
>


   IP network administrator
   PosTel, a.s. Kvacalova 53,82108 Bratislava 2
      Tel.: +421-2-50203160, Fax.: +421-2-50203198
   http://www.postel.sk, http://www.globalphone.sk
                  GlobalPhone, As long as you want

- -------------------------------------------------------------------------------

 Warning: I don't wish to receive spam to this address.

 Varovanie: Nezelam si na tuto adresu dostavat akukolvek reklamnu postu.

- -------------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8VZEE1Nxm72GJflgRAlIZAKCSclQvqCCLKrJBewz7pSZeD4qgwACfQHUU
6QYrhD2EKosMcep5hFgkwRk=
=8Q55
-----END PGP SIGNATURE-----





Další informace o konferenci linux