Tibbetts, Ric wrote:

>LOL
>
>Sorry.. Been there, done that. I cut a server off at the knees doing things
>like that.
>The toughest lesson I had to learn when I first got into Unix many years
>ago: "Screw the GUI", do it by hand. Then when something breaks, you know
>what it was, and how to fix it.
>
>vi/iptables is your friend. Don't trust your site security to a GUI, it's
>like trusting your 5 year old with a loaded 357.
>
>JMHO-YMMV
>
>----------------------------------------------
>Ric Tibbetts
>Unix Systems Admin.
>
>f u cn rd ths u cn gt a gd jb n nx dmnstrtn
>
>
>>-----Original Message-----
>>From: Ronald J. Hall [mailto:[EMAIL PROTECTED]]
>>Sent: Tuesday, August 13, 2002 2:32 PM
>>To: Mandrake Expert List
>>Subject: [expert] Bastille killed nfs! :-(
>>
>>
>>
>>Well, I had nfs running perfectly, and then (sadly) I ran
>>BastilleChooser.
>>
>>I picked "lax" and "workstation".
>>
>>Now, I've no longer got nfs. I finally removed all Bastille
>>RPMs thru the
>>software manager, but I still have no nfs. It's installed, it's
>>checked under
>>services.
>>If I do a rpcinfo -p, I get this:
>>
>>[root@darkforce darklord]# rpcinfo -p
>>   program vers proto   port
>>    100000    2   tcp    111  portmapper
>>    100000    2   udp    111  portmapper
>>    100024    1   udp  32768  status
>>    100024    1   tcp  32768  status
>> 600100069    1   udp    797  fypxfrd
>> 600100069    1   tcp    799  fypxfrd
>>    391002    2   tcp  32769  sgi_fam
>>
>>I can do a "service nfs restart" and directly run rpc.nfsd
>>and then I get:
>>
>>[root@darkforce darklord]# rpcinfo -p
>>   program vers proto   port
>>    100000    2   tcp    111  portmapper
>>    100000    2   udp    111  portmapper
>>    100024    1   udp  32768  status
>>    100024    1   tcp  32768  status
>> 600100069    1   udp    797  fypxfrd
>> 600100069    1   tcp    799  fypxfrd
>>    391002    2   tcp  32769  sgi_fam
>>    100005    1   udp  32770  mountd
>>    100005    1   tcp  32770  mountd
>>    100005    2   udp  32770  mountd
>>    100005    2   tcp  32770  mountd
>>    100005    3   udp  32770  mountd
>>    100005    3   tcp  32770  mountd
>>    100003    2   udp   2049  nfs
>>    100003    3   udp   2049  nfs
>>    100021    1   udp  32771  nlockmgr
>>    100021    3   udp  32771  nlockmgr
>>    100021    4   udp  32771  nlockmgr
>>
>>Now, nfs is up and running. Until I reboot. Then I have to go
>>thru the same
>>thing again.
>>
>>So my questions are:
>>
>>How to get nfs auto running at boot up again?
>>
>>How can a person use Bastille so that it doesn't kill nfs and
>>your LAN?
>>
>>Thanks everyone...
>>
>>--
>>
>>     /\
>>
>> Dark><Lord
>>
>>     \/
>>
>>
>
>
>------------------------------------------------------------------------
>
>Want to buy your Pack or Services from MandrakeSoft?
>Go to http://www.mandrakestore.com
>

Well in /etc/Bastille/bastille-firewall.cfg examine these lines
TCP_LOCAL_SERVICES=""

You need to put in the ports you want to use locally there, separated by
blanks, with a colon between low and high for a range.

Also there is a trusted interface line for LOCAL which will be just lo or
loopback; change it to include the interface for the local net.

For portmap/nfs you need "109:111", but I usually trust the whole local net
unless it is a workplace environment and use "15:65535".

Bastille-Chooser of course makes very very conservative choices. But these
guys are right--there is no substitute for knowledge when firewalling. And
if you hand edit with one thing at a time (and no need to use vi--there are
other editors, use what you are comfortable with but run it out of a su
terminal) then the backup file left by the text editor is a traceback to
what you had before you made a mistake--so each mistake becomes a learning
experience.

Civileme
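
An added example, not part of the original thread and not Bastille's own code: a shell function that compares the ports registered with the portmapper against a port list in the syntax described in the reply above (blank-separated, low:high for a range). The function names and the trimmed `rpcinfo -p` sample are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: a trimmed copy of the `rpcinfo -p` listing quoted in the thread.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   tcp  32768  status
    100005    3   tcp  32770  mountd
    100003    3   udp   2049  nfs
    100021    4   udp  32771  nlockmgr
EOF
}

# uncovered_ports PROTO "LIST"   (hypothetical helper name)
# Reads `rpcinfo -p` output on stdin and prints "port/proto name" for every
# registered RPC service of PROTO whose port is not matched by LIST.
# LIST uses the syntax described in the post: blank-separated ports,
# with low:high for a range.
uncovered_ports() {
    awk -v proto="$1" -v list="$2" '
        BEGIN {
            n = split(list, item, " ")
            for (i = 1; i <= n; i++) {
                if (split(item[i], r, ":") == 2) { lo[i] = r[1]; hi[i] = r[2] }
                else                            { lo[i] = hi[i] = item[i] }
            }
        }
        $3 == proto && $4 ~ /^[0-9]+$/ {
            key = $4 "/" $3
            if (key in seen) next          # one line per port, not per version
            seen[key] = 1
            for (i = 1; i <= n; i++)
                if ($4 + 0 >= lo[i] + 0 && $4 + 0 <= hi[i] + 0) next
            print key, $5
        }'
}

# On a live host: rpcinfo -p | uncovered_ports tcp "<value of TCP_LOCAL_SERVICES>"
sample_rpcinfo | uncovered_ports tcp "109:111"
```

Ports such as mountd's are assigned dynamically in the listing above, so the check is worth re-running after each service restart or reboot.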
