Date: Wed, 22 Nov 2006 13:34:09 -0500
From: Bill Moran
To: vittorio
Cc: freebsd-questions@freebsd.org
Subject: Re: IPFW & NFS
Message-Id: <20061122133409.f98a8b67.wmoran@collaborativefusion.com>
In-Reply-To: <200611221838.04179.vdemart1@tin.it>
References: <200611221838.04179.vdemart1@tin.it>
Organization: Collaborative Fusion

In response to vittorio:

> I have two FreeBSD 6.1 boxes one of which (IP 10.0.0.1) is an NFS server and
> the other one (IP 10.0.0.2) is, among other things, an NFS client sharing
> directories with the NFS server.
> It all works correctly and I can mount_nfs all the directories from the
> server.
> BUT, I'm now trying to use an IPFW firewall both on the server and on the
> client. My simple aim is to set up connections between the 10.0.0.1 server and
> the 10.0.0.2 client ** only **; no connections should be possible with other
> clients!
> Now I've tried the poor documentation I could find googling with the
> keywords "freebsd ipfw nfs" to no avail, I cannot mount_nfs any share on the
> client because something goes wrong with RPC.
> Concentrating on the client side (no ipfw for the moment on the server) I
> tried the following

NFS is difficult to firewall, as it's not guaranteed to use the same ports
all the time. The NFS server has options to restrict who can connect; see
the man page for exports.

Otherwise, Chuck's advice was good. Additionally, you can debug IPFW using
'ipfw show', and by inserting "log" statements into your ruleset to get
more useful feedback.

-- 
Bill Moran
Collaborative Fusion Inc.
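
Added example, not part of the original message: one way to read the per-rule counters that 'ipfw show' prints (rule number, packets, bytes, rule text) when an NFS mount fails. The function names, rule numbers and sample ruleset are constructed for illustration, and rules with a "prob" or "set" prefix are not handled.

```shell
#!/bin/sh
# Constructed sample of `ipfw show` output on the client (10.0.0.2).
# Columns: rule number, packet count, byte count, rule text.
sample_ipfw_show() {
cat <<'EOF'
00100  420 51234 allow ip from any to any via lo0
00200   12  1104 allow udp from 10.0.0.2 to 10.0.0.1 dst-port 111 keep-state
00210    0     0 allow tcp from 10.0.0.2 to 10.0.0.1 dst-port 2049 keep-state
00300    0     0 deny ip from any to 127.0.0.0/8
65000   14  1176 deny log ip from any to any
EOF
}

# List blocking rules that have matched at least one packet, busiest first.
# Output format: "<packets> <rule number> <rule text>".
# A deny rule whose counter climbs while mount_nfs hangs is the one
# dropping the RPC traffic; its "log" keyword is what produces log entries.
deny_hits() {
    awk '$2 > 0 && $4 ~ /^(deny|reject|unreach|reset)$/ {
        rule = $4
        for (i = 5; i <= NF; i++) rule = rule " " $i
        print $2, $1, rule
    }' | sort -rn
}

# List allow rules that have never matched a packet.
# Output format: "<rule number> <rule text>".
# A zero counter on a rule written for NFS means the traffic is not
# arriving in the form the rule expects (different port or protocol).
zero_hit_allows() {
    awk '$2 == 0 && $4 == "allow" {
        rule = $4
        for (i = 5; i <= NF; i++) rule = rule " " $i
        print $1, rule
    }'
}

# On a live host (as root):  ipfw show | deny_hits
#                            ipfw show | zero_hit_allows
```

Running 'ipfw zero' before the mount attempt resets the counters, so any non-zero value afterwards belongs to that attempt.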