Mike Fedyk <[EMAIL PROTECTED]> writes: > On Tue, May 08, 2001 at 08:54:26PM -0700, Krzys Majewski wrote: > > I would like to NFS-mount a directory on a remote host located behind > > an > > ipmasq'ing gateway/firewall. The gateway runs 2.2.17, the remote box > > runs 2.4.2, the local box runs SunOS-5.8-i386. I tried adding trivial > > rules to my ipmasq script, copying the ones for sshd and replacing the > > sshd port with whichever port the NFS service uses, but no juice. If I > > remember correctly, the mount on the solaris box fails with "RPC: > > Rpcbind failure - RPC: Unable to receive". Not much on dejanews for > > this one. The remote box is a somewhat customized Debian/potato. > > -chris > Try rpcinfo, if that won't get through, you need to make sure that you let > through the statd port.
Here's what rpcinfo says: [okocim]13:55:34[/etc]$ rpcinfo gw.krzys.com rpcinfo: can't contact rpcbind: : RPC: Unable to receive; errno = Connection refused; System error What's statd? I'm now doing the following on my firewall: /sbin/ipchains -P forward DENY /sbin/ipchains -A forward -i eth0 -s 10.0.0.0/24 -j MASQ /usr/sbin/ipmasqadm portfw -f /usr/sbin/ipmasqadm portfw -a -P tcp -L 24.115.135.172 2222 -R 10.0.0.3 2222 /usr/sbin/ipmasqadm portfw -a -P tcp -L 24.115.135.172 2049 -R 10.0.0.3 2049 /usr/sbin/ipmasqadm portfw -a -P tcp -L 24.115.135.172 111 -R 10.0.0.3 111 The last three correspond to sshd, nfs, and sunrpc, but I have no idea what I'm doing (sshd works, nfs doesn't). > Remember with nfs: > > Anyone can act as any of your users! I would setup a IPsec tunnel for this > myself if I did this at all. What's an IPsec tunnel and how do I set one up? -chris
