From: Mark Frasa
To: freebsd-questions@freebsd.org
Date: Wed, 25 Jan 2006 10:04:16 +0100
Subject: IPFW / NFSD
Message-ID: <43D73F10.70408@frasa.net>

Hello,

I am currently running 1 HTTP server on FreeBSD 6.0.
Of course, like anyone that likes security, I am running IPFW and set the kernel to block by default.
Behind that HTTP server I am running 2 Linux boxes.

The problem is that when I enable the firewall and open up ports from rpcinfo -p:

   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind
    100000    4 local    111  rpcbind
    100000    3 local    111  rpcbind
    100000    2 local    111  rpcbind
    100005    1   udp    668  mountd
    100005    3   udp    668  mountd
    100005    1   tcp    984  mountd
    100005    3   tcp    984  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs

I opened up all these ports but I can't do an ls or write to nfs or whatever.

Then I thought maybe it's trying something local so I added:

    $cmd add 00225 allow ip from 1.2.3.4/24 to any keep-state

Even this does not work.
Tcpdump shows me that when I have ipfw open, it only communicates with port 2049 and I don't see anything more.

Can anybody help me out here?

Additional info:

    { alltid@arcas } uname -a
    FreeBSD arcas 6.0-RELEASE-p1 FreeBSD 6.0-RELEASE-p1 #2: Wed Jan 4 15:45:38 UTC 2006 markfra@arcas:/usr/obj/usr/src/sys/ARCAS i386

Mark.
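
Added example, not part of the original message: an sh function that turns the rpcinfo -p listing quoted above into ipfw allow rules, one per protocol, skipping the "local" (UNIX-socket) entries. The client network 192.0.2.0/24 and the rule numbers 230/240 are placeholders, not values from the post; the script only prints the rules and does not load them.

```sh
#!/bin/sh
# Added example: derive ipfw allow rules from `rpcinfo -p` output.
# Sample input: the listing from the message above, embedded so this runs offline.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100000    3   udp    111  rpcbind
    100000    2   udp    111  rpcbind
    100000    4 local    111  rpcbind
    100000    3 local    111  rpcbind
    100000    2 local    111  rpcbind
    100005    1   udp    668  mountd
    100005    3   udp    668  mountd
    100005    1   tcp    984  mountd
    100005    3   tcp    984  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
EOF
}

# Usage: rules_from_rpcinfo CLIENT_NET FIRST_RULE_NUMBER < rpcinfo-output
# CLIENT_NET and FIRST_RULE_NUMBER are assumptions supplied by the caller.
rules_from_rpcinfo() {
    awk -v net="$1" -v num="$2" '
        NR == 1 && $1 == "program" { next }                 # column header
        $3 != "tcp" && $3 != "udp" { next }                 # "local" never crosses the packet filter
        $4 !~ /^[0-9]+$/ || $4 < 1 || $4 > 65535 { next }   # ignore malformed port fields
        !seen[$3, $4]++ { ports[$3] = ports[$3] (ports[$3] == "" ? "" : ",") $4 }
        END {
            n = split("tcp udp", protos, " ")
            for (i = 1; i <= n; i++) {
                p = protos[i]
                if (ports[p] != "")
                    printf "ipfw add %05d allow %s from %s to me %s keep-state\n", num + (i - 1) * 10, p, net, ports[p]
            }
        }'
}

# Print the rules for the placeholder client network; review before loading.
sample_rpcinfo | rules_from_rpcinfo 192.0.2.0/24 230
```

The mountd ports in the listing (668 and 984) are assigned at startup rather than fixed, so the rules need regenerating from a fresh listing after mountd restarts.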