Date: Thu, 01 Jun 2000 15:19:45 -0700
From: Jon Nelson <chaos@zen.oftheinter.net>
To: questions@freebsd.org
Subject: nfs + ipfw problem
Message-ID: <4.2.0.58.20000601150925.00a50e18@192.168.0.1>

I was wondering what I need to do to allow nfs on a machine that has a relatively paranoid firewall set up with ipfw. There is only one machine I need to access with files on it from the firewalled machine, and since it is run by me I trust it. The pertinent parts of my firewall rules are as follows:

    fwcmd=/sbin/ipfw
    nfssrv=ip of nfs server, on a different subnet
    ip=my ip address

    ${fwcmd} add 90 pass ip from ${nfssrv} to any        # allow all access from nfs server
    ${fwcmd} add 100 pass tcp from any to any established # allow established TCP connections
    ${fwcmd} add 100 pass all from any to any frag        # allow fragmented tcp packets
    # ... some bland rules for DNS, ssh, auth, etc..
    ${fwcmd} add 100 pass icmp from any to ${ip}          # \___ allow all ICMP
    ${fwcmd} add 100 pass icmp from ${ip} to any          # /
    ${fwcmd} add 200 deny log tcp from any to any setup   # deny everything else, and log it for fun and profit

Now, when I try and mount from that machine I get the following error:

    NFS Portmap: RPC: Port mapper failure - RPC: Unable to send

The odd thing is, if I change the first rule (90) from ``allow ip from ${nfssrv} to ``allow ip from any'', it works fine... I am stumped.

--jn
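
An added example, not part of the original message: a first-match model of the posted rules in Python, showing which rule decides the client's UDP portmap query and the server's reply. The addresses are constructed placeholders, and it assumes a default-deny rule 65535, that the elided DNS/ssh/auth rules do not match this traffic, and a hypothetical rule 91 as a narrower alternative to ``from any''.

```python
# Added example: first-match model of the posted ipfw rules (not ipfw itself).
NFSSRV = "192.0.2.10"   # constructed stand-in for ${nfssrv}
ME = "198.51.100.5"     # constructed stand-in for ${ip}

def ruleset(rule90_src, extra=()):
    """Posted rules as (number, action, proto, src, dst, option) tuples."""
    rules = [
        (90, "pass", "ip", rule90_src, "any", None),
        (100, "pass", "tcp", "any", "any", "established"),
        (100, "pass", "all", "any", "any", "frag"),
        (100, "pass", "icmp", "any", ME, None),
        (100, "pass", "icmp", ME, "any", None),
        (200, "deny", "tcp", "any", "any", "setup"),
        # Assumption: the kernel's default rule is deny, not accept.
        (65535, "deny", "ip", "any", "any", None),
    ]
    # sorted() is stable, so rules sharing a number keep their listed order.
    return sorted(rules + list(extra), key=lambda r: r[0])

def verdict(rules, proto, src, dst, flags=()):
    """Return (rule number, action) of the first rule matching the packet."""
    for num, action, r_proto, r_src, r_dst, opt in rules:
        if r_proto not in ("ip", "all", proto):
            continue
        if r_src not in ("any", src) or r_dst not in ("any", dst):
            continue
        if opt is not None and opt not in flags:
            continue
        return num, action
    raise ValueError("no rule matched")  # unreachable with a default rule

# Constructed packets: the client's UDP portmap query and the server's reply.
QUERY = ("udp", ME, NFSSRV)
REPLY = ("udp", NFSSRV, ME)

if __name__ == "__main__":
    posted = ruleset(NFSSRV)
    wide = ruleset("any")
    # Hypothetical rule 91: pass ip from ${ip} to ${nfssrv}
    narrow = ruleset(NFSSRV, extra=[(91, "pass", "ip", ME, NFSSRV, None)])
    for name, rs in (("posted", posted), ("from any", wide), ("rule 91", narrow)):
        print(name, "query:", verdict(rs, *QUERY), "reply:", verdict(rs, *REPLY))
```

In this model the posted rule 90 passes only packets sourced from the server, so the outbound query reaches the default deny, while ``from any'' passes every packet at rule 90 and the rules after it never run.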