Hello,
I also want to firewall an NFS server. The box that it's running on uses pf, it's a 6.2 box. I've got TCP port 2049 open, and am not sure what else to open or what other daemons to start. I'm also uncertain as to whether FreeBSD uses NFS v3 or v4? I want to export home directories to five or six different Linux machines, some Ubuntu and most CentOS 5, and I remember vaguely reading about NFS v4. If anyone has this working, I'd appreciate pointers.
Thanks.
Dave.

----- Original Message -----
From: "Bruce M. Simpson" <[EMAIL PROTECTED]>
To: "Eygene Ryabinkin" <[EMAIL PROTECTED]>
Cc: <freebsd-net@FreeBSD.org>; "Jeremie Le Hen" <[EMAIL PROTECTED]>
Sent: Friday, June 15, 2007 1:47 PM
Subject: Re: Firewalling NFS


Eygene Ryabinkin wrote:
NFSD binds to the port nfsd (2049) and for my -CURRENT both lockd
and statd have '-p' options:
-----
$ man rpc.lockd rpc.statd | grep -- -p
     rpc.lockd [-d debug_level] [-g grace period] [-p port]
-p The -p option allow to force the daemon to bind to the specified
     rpc.statd [-d] [-p port]
-p The -p option allow to force the daemon to bind to the specified
-----
Are we talking about same entities?


I added the -p switch to mountd(8) a few years ago, as I needed to run a read-only NFS server exposed to the outside world; to firewall it I needed a deterministic RPC port number, which is what -p gives you. Otherwise you have to rely on the TCP wrapper support built into rpcbind(8). The rpc.lockd and rpc.statd daemons were recently changed to incorporate this switch too, although I don't think it has been backported to the 6-STABLE branch yet.

Regards,
BMS

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
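
Added example, not part of the thread and not FreeBSD's own tooling: a shell check that compares `rpcinfo -p` output against the ports you pinned with `-p`, so a daemon that came up on a dynamic port (for instance rpc.statd on a branch without the switch) is caught before the pf rules silently stop matching. The ports 882, 4045 and 4046, the macro name `nfs_ports` and the sample `rpcinfo -p` output are constructed assumptions.

```shell
#!/bin/sh
# Added example; port numbers other than 111 and 2049 are constructed.
# service=port pairs: rpcbind and nfsd are well known, the other three are
# the values assumed to be given to mountd, rpc.lockd and rpc.statd via -p.
PINNED="rpcbind=111 nfs=2049 mountd=882 nlockmgr=4045 status=4046"

# Constructed `rpcinfo -p` output: "status" (rpc.statd) is on a dynamic
# port, as on a release where rpc.statd has no -p switch yet.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100003    3   tcp   2049  nfs
    100005    3   tcp    882  mountd
    100005    3   udp    882  mountd
    100021    4   tcp   4045  nlockmgr
    100024    1   tcp  49731  status
EOF
}

# Reads `rpcinfo -p` output on stdin, prints one line per registration that
# is not on its pinned port, and returns 1 if there was any, else 0.
rpc_port_drift() {
    awk -v pinned="$1" '
        BEGIN { n = split(pinned, kv, " ")
                for (i = 1; i <= n; i++) { split(kv[i], p, "="); want[p[1]] = p[2] } }
        $1 == "program" { next }                 # header line
        NF >= 5 {
            if (!($5 in want)) {
                print "UNPINNED " $5 "/" $3 " port " $4; bad = 1
            } else if (want[$5] + 0 != $4 + 0) {
                print "DRIFT " $5 "/" $3 " port " $4 " expected " want[$5]; bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Sorted, de-duplicated port list for a pf macro built from the same map.
pf_port_list() {
    for pair in $1; do echo "${pair#*=}"; done | sort -n | uniq | tr '\n' ' ' | sed 's/ $//'
}

# Demo: report drift, then print the macro (the name nfs_ports is made up).
sample_rpcinfo | rpc_port_drift "$PINNED" || echo "daemon ports differ from the firewall's list"
echo "nfs_ports = \"{ $(pf_port_list "$PINNED") }\""
```

On a live server, pipe the real `rpcinfo -p` output into `rpc_port_drift` after each reboot or daemon restart; any UNPINNED or DRIFT line means the pass rules and the listening daemons no longer agree.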
