[Gllug] NFS across firewall
Xander D Harkness
xander at harkness.co.uk
Mon Jun 9 11:01:54 UTC 2003
On Monday 09 June 2003 11:14, Mick Farmer wrote:
> Dear Richard,
>
> I have exactly this problem. The original mount appears to
> come from a random port, so I can't build it into my IP
> tables. My inelegant solution is to stop the firewall,
> perform the mount, then re-start the firewall.
>
> Please let me know if you find a better solution.
>
Have a look at the docs.
This is from the O'Reilly NIS / NFS book:
mount command:

    mount -o proto=tcp,public nfs.eisler.com:/export/home/mre /mre

This is after allowing TCP port 2049 in your firewall.
The proto=tcp option forces mount to use the TCP/IP protocol. Firewalls
prefer to deal with TCP because it establishes the state that the firewall can
use to know if a TCP segment from the outside is a response from an external
server or a call from an external client.
The 'public' option does the following:

- Bypasses the portmapper entirely and always contacts the NFS server port on
  2049 (or a different port if the port= option is specified to the mount
  command). It sends a NULL ping to the NFS Version 3 server first, and if that
  fails, tries the NFS Version 2 server next.
- Makes the NFS client contact the NFS server directly to get an initial file
  handle.
- Marks the NFS mounts with the llock option. This is an undocumented mount
  option that says to handle all locking requests for the file on the NFS
  filesystem locally.
Please also note that while the NFS server normally listens on 2049 you can
specify when you start the NFS server to listen only for TCP rather than UDP
and TCP, and lock it to a specific port.
Have fun.
Xander
> Regards,
>
> Mick                    /"\
>                         \ /
> Linux Registered         X  ASCII Ribbon Campaign
> User #287765            / \ Against HTML Mail
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
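
The firewall side of the advice above, as an added example that is not part of the original post: since the mount options described bypass the portmapper and talk only to the NFS port over TCP, a client with default-DROP policies needs one outbound rule and one state-matched inbound rule. The function name, the use of the iptables `state` match and the sample address 192.0.2.10 are assumptions for illustration; the post itself only says to allow TCP port 2049.

```shell
#!/bin/sh
# Added example (not from the original post): print the client-side iptables
# rules for an NFS-over-TCP mount. Nothing is applied here; review the output
# and run it as root yourself. Assumes default-DROP INPUT and OUTPUT policies.

# nfs_client_rules SERVER_IP [PORT]
# PORT defaults to 2049, the NFS port named in the post.
nfs_client_rules() {
    server=$1
    port=${2:-2049}

    # Refuse any character other than digits and dots in the address, and any
    # non-numeric or over-long port, so that no shell metacharacters end up in
    # a line that is later run as root.
    case $server in
        ''|*[!0-9.]*) echo "bad server address: $server" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi

    # Outbound: the client may open connections to the server's NFS port.
    # The client's source port is ephemeral, so it is deliberately not matched.
    echo "iptables -A OUTPUT -p tcp -d $server --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT"
    # Inbound: only segments that belong to a connection the client opened.
    echo "iptables -A INPUT -p tcp -s $server --sport $port -m state --state ESTABLISHED -j ACCEPT"
}

# Constructed sample: 192.0.2.10 is a documentation address, not a real server.
nfs_client_rules 192.0.2.10
```

The inbound rule accepts only ESTABLISHED traffic, so a new connection attempt arriving from source port 2049 is still dropped.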