Date: Tue, 29 Nov 2005 22:12:20 -0500
From: Chuck Swiger <cswiger@mac.com>
To: "Aaron P. Martinez" <ml@proficuous.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: pf blocking nfs
Message-ID: <438D1894.90500@mac.com>
In-Reply-To: <60336.192.168.3.69.1133319528.squirrel@webmail.proficuous.com>
References: <60336.192.168.3.69.1133319528.squirrel@webmail.proficuous.com>

Aaron P. Martinez wrote:
> I am running FreeBSD 6.0-release and setting up a very basic firewall
> using pf on my workstation. The ruleset is as follows:
>
> block in log all
> pass quick on lo0 all
> #pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
> pass out on fxp0 proto { tcp, udp, icmp } all keep state

Your firewall config is not enough to permit NFS to pass. You might consider
adding a "pass all" rule for machines on the local subnet.

[ Perhaps you should re-evaluate your network so that you do not attempt to pass
NFS through the firewall. If you have to do filesharing between machines over
an untrusted connection, you should consider a VPN or SSH tunnel approach
instead. ]

-- 
-Chuck
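
Added example, not part of the original message: one way to write the "pass all" rule for the local subnet suggested above, merged into the quoted ruleset. The interface fxp0 comes from the quoted rules; the lan_net macro and its address range are placeholders assumed for illustration and must be replaced with the real local subnet.

```pf
# pf.conf sketch (added example, not from the thread)
ext_if  = "fxp0"              # interface named in the quoted ruleset
lan_net = "192.168.1.0/24"    # ASSUMED placeholder for the local subnet

# Default: drop and log anything inbound that no later rule passes.
block in log all

# Loopback traffic is never filtered.
pass quick on lo0 all

# "Pass all" for the local subnet. These rules are stateless and carry
# no protocol or port criteria, so every packet to or from the subnet
# matches, whatever ports the NFS-related RPC services happen to use.
# Every host inside $lan_net is fully trusted by these two lines, so
# keep the range as narrow as the NFS peers allow.
pass quick on $ext_if from $lan_net to any
pass quick on $ext_if from any to $lan_net

# Outbound traffic to everything else, tracked statefully as before.
pass out on $ext_if proto { tcp, udp, icmp } all keep state
```

The file can be syntax-checked without loading it using "pfctl -nf /etc/pf.conf".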