Date: Wed, 25 Jan 2006 16:00:35 +0100
From: Mark Frasa <mark@frasa.net>
To: freebsd-questions@freebsd.org
Subject: Re: IPFW / NFSD
Message-ID: <43D79293.9090509@frasa.net>
In-Reply-To: <43D7827A.2050206@mac.com>
References: <43D73F10.70408@frasa.net> <43D7827A.2050206@mac.com>
Chuck Swiger wrote:
> Mark Frasa wrote:
>
>>I am currently running 1 HTTP server on FreeBSD 6.0
>>
>>Of course, like anyone that likes security, I am running IPFW and set
>>the kernel to block by default.
>>
>>Behind that HTTP server I am running 2 Linux boxes.
>>
>>The problem is that when I enable the firewall and open up ports from
>>rpcinfo -p:
>
> [ ... ]
>
>>I opened up all these ports but I can't do an ls or write to nfs or
>>whatever.
>
>
> You should not be running portmap and NFS on a firewall machine. You should not
> attempt to pass NFS or other filesharing through a firewall, except perhaps by
> using VPN tunneling.
>
> If this existing machine needs to do NFS to your other Linux boxes, it should be
> placed behind a properly hardened firewall which perhaps uses NAT to forward
> HTTP connections inside to it.
>

Let me explain in more detail;

I have:

INTERNET
FIREWALL/NFSD/HTTPD Machine
LINUXBOX LINUXBOX

The boxes are on a /24 network and the firewall has 2 IPs, 1 for local and
1 for outside connections, but both in the same subnet.

I want to use a $secure ip for nfsd and ssh connections, while using @arcas
as an ip for port 80 connections.

What I don't get is that when I open up the $secureip for the /24 network I
still get timeouts when writing to nfsd.

Mark.