From: vittorio
To: freebsd-questions@freebsd.org
Date: Wed, 22 Nov 2006 18:38:03 +0000
Subject: IPFW & NFS
Message-Id: <200611221838.04179.vdemart1@tin.it>

I have two FreeBSD 6.1 boxes, one of which (IP 10.0.0.1) is an NFS server and the other one (IP 10.0.0.2) is, among other things, an NFS client sharing directories with the NFS server. It all works correctly and I can mount_nfs all the directories from the server.

BUT, I'm now trying to use an IPFW firewall both on the server and on the client. My simple aim is to set up connections between the 10.0.0.1 server and the 10.0.0.2 client ** only **; no connections should be possible with other clients!

Now I've tried the poor documentation I could find googling with the keywords "freebsd ipfw nfs" to no avail; I cannot mount_nfs any share on the client because something goes wrong with RPC.

Concentrating on the client side (no ipfw for the moment on the server) I tried the following:

    ipfw add 300 allow ip from 10.0.0.1 2049,111,1022 to 10.0.0.2 via fxp0 setup keep-state

OR

    ipfw add 300 allow ip from 10.0.0.1 to 10.0.0.2 2049,111,1022 via fxp0 setup keep-state

OR

    ipfw add 300 allow ip from 10.0.0.1 2049,111,1022 to me via fxp0 setup keep-state

OR

    ipfw add 300 allow ip from 10.0.0.1 to me 2049,111,1022 via fxp0 setup keep-state

If I disable the firewall it all goes smoothly.

Could you please help me?

Ciao
Vittorio