Date: Wed, 25 Jan 2006 08:51:54 -0500
From: Chuck Swiger <cswiger@mac.com>
To: Mark Frasa <mark@frasa.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW / NFSD
Message-ID: <43D7827A.2050206@mac.com>
In-Reply-To: <43D73F10.70408@frasa.net>
References: <43D73F10.70408@frasa.net>

Mark Frasa wrote:
> I am currently running 1 HTTP server on FreeBSD 6.0
>
> Of course, like anyone that likes security, I am running IPFW and set
> the kernel to block by default.
>
> Behind that HTTP server I am running 2 Linux boxes.
>
> The problem is that when I enable the firewall and open up ports from
> rpcinfo -p:
[ ... ]
> I opened up all these ports but I can't do an ls or write to nfs or
> whatever.

You should not be running portmap and NFS on a firewall machine. You should
not attempt to pass NFS or other filesharing through a firewall, except
perhaps by using VPN tunneling.

If this existing machine needs to do NFS to your other Linux boxes, it should
be placed behind a properly hardened firewall which perhaps uses NAT to
forward HTTP connections inside to it.

--
-Chuck