From owner-freebsd-questions@FreeBSD.ORG  Sun Apr  3 18:48:26 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 4B20416A4CE
	for <freebsd-questions@freebsd.org>;
	Sun,  3 Apr 2005 18:48:26 +0000 (GMT)
Received: from top.daemonsecurity.com (FW-182-254.go.retevision.es
	[62.174.254.182])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C9BBF43D2F
	for <freebsd-questions@freebsd.org>;
	Sun,  3 Apr 2005 18:48:25 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from [192.168.0.32] (charm.daemonsecurity.com [192.168.0.32])
	by top.daemonsecurity.com (Postfix) with ESMTP id 963CAFE642;
	Sun,  3 Apr 2005 20:48:24 +0200 (CEST)
Message-ID: <42503A76.20309@locolomo.org>
Date: Sun, 03 Apr 2005 20:48:22 +0200
From: =?UTF-8?B?RXJpayBOw7hyZ2FhcmQ=?= <norgaard@locolomo.org>
Organization: Locolomo.ORG
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.5) Gecko/20050314
X-Accept-Language: en, en-us, en-gb, da, fr, de, it, es
MIME-Version: 1.0
To: Matt Juszczak <matt@atopia.net>
References: <424F8B94.7050006@atopia.net> <424FCDD3.6040507@locolomo.org>
	<425030A0.4000809@atopia.net>
In-Reply-To: <425030A0.4000809@atopia.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: freebsd-questions@freebsd.org
Subject: Re: IPFILTER and NFS
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Apr 2005 18:48:26 -0000

Matt Juszczak wrote:
> I dont have access to the nfs server... only the client.  Your 
> configuration info showed me making changes on the server.  is there a 
> way to make the client work ok?

Just let your client connect to any port on the server - keep state so 
you can block incoming connections:

pass out quick on <interface> proto tcp from <client>/32 \
     to <nfs-server>/32 flags S keep state
pass out quick on <interface> proto udp from <client>/32 \
     to <nfs-server>/32 keep state

Erik
-- 
Ph: +34.666334818                           web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID:  A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2