Date:      Fri, 13 Jan 2006 15:05:31 +0100
From:      Mark Frasa <mark@frasa.net>
To:        freebsd-ipfw@freebsd.org
Subject:   nfsd and ipfw
Message-ID:  <43C7B3AB.5080204@frasa.net>


Hello,

I am currently running 1 HTTP server on FreeBSD 6.0.

Of course, like anyone that likes security, I am running IPFW and set 
the kernel to block by default.

Behind that HTTP server I am running 2 Linux boxes.

The problem is that when I enable the firewall and open up ports from 
rpcinfo -p:

    program vers proto   port  service
     100000    4   tcp    111  rpcbind
     100000    3   tcp    111  rpcbind
     100000    2   tcp    111  rpcbind
     100000    4   udp    111  rpcbind
     100000    3   udp    111  rpcbind
     100000    2   udp    111  rpcbind
     100000    4 local    111  rpcbind
     100000    3 local    111  rpcbind
     100000    2 local    111  rpcbind
     100005    1   udp    668  mountd
     100005    3   udp    668  mountd
     100005    1   tcp    984  mountd
     100005    3   tcp    984  mountd
     100003    2   udp   2049  nfs
     100003    3   udp   2049  nfs
     100003    2   tcp   2049  nfs
     100003    3   tcp   2049  nfs

I opened up all these ports but I can't do an ls or write to nfs or whatever.
Then I thought maybe it's trying something local so I added:

$cmd add 00225 allow ip from 1.2.3.4/24 to any keep-state

Even this does not work.

Tcpdump shows me that when I have ipfw open, it only communicates with 
port 2049 and I don't see anything more.

Can anybody help me out here?


Mark.


