On Tuesday 10 April 2001 04:39, Robert Voigt wrote: To restart daemons just use the scripts in /etc/init.d/
like this #/etc/init.d/portmap restart The server needs the following daemons running: portmap, nfs-common, nfs-server The client needs portmap and nfs-common My question is, can you mount the nfs share remotely when the entry in /etc/hosts.deny is removed, and in /etc/hosts.allow you put "ALL: ALL"? I would suggest using ipchains to block nfs and rpc from the outside, like this, where 192.168.1.1 is your machines **external** interface (i.e., the one connected to the world): ipchains -A input -l -p tcp -s 0/0 -d 192.168.1.1 111 -j DENY ipchains -A input -l -p udp -s 0/0 -d 192.168.1.1 111 -j DENY ipchains -A input -l -p tcp -s 0/0 -d 192.168.1.1 2049 -j DENY ipchains -A input -l -p udp -s 0/0 -d 192.168.1.1 2049 -j DENY remove the "-l" if you don't want log entries. > Thank you all who gave advice on /etc/hosts.deny. I just put in the line > portmap: ALL > which I found in the NFS HOWTO and it worked. I tried that before I asked > for advice and it didn't work. Maybe I had a bad day. > Now I can't mount anything on this machine from the other one on the LAN, > and I hope this will prevent anyone from the outside world to break into my > system, because that's why I do it. > To allow the other machine on the LAN access to mine again I put the line > portmap: 192.168.1.0/255.255.255.0 > in /etc/hosts.allow > but the other machine still can't mount anything. It gets the error message > mount: RPC: program not registered > just like with an empty /etc/hosts.allow. > I took this from the NFS HOWTO, section 6.3 again. > 192.168.1.0 is the network and 255.255.255.0 is the netmask in > /etc/network/interfaces under eth0 on both machines. > So how can I allow the other machine in my network to access mine without > allowing anyone from the internet to break in? -- Tim Kelley [EMAIL PROTECTED]
