Firewall Wizards mailing list archives

Re: Configuring firewall with nfs - problem!


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Mon, 19 May 2003 19:13:17 -0400 (EDT)


In other words, this is not really meant to be a secured system/setup,
correct?  If so, then you might want to look about the various vuln
databases and search on RPC and the assorted issues that have plagued it
for the past 5-10 years.

Thanks,

Ron DuFresne

On Mon, 19 May 2003, Johan Glimming wrote:

Dear All,

I have a problem with my Redhat 9 installation. I am trying to enable NFS 
but the respective ports are rejected. This is the contents of my 
/etc/sysconfig/iptables, i.e. the firewall rules:

# Enable NFS, Web, FTP, SSH for sputnik
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT

# NFS rules
-A INPUT -f -j ACCEPT -s 192.168.0.5
-A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 32765:32768 -j ACCEPT
-A INPUT -s 192.168.0.5 -p udp -m udp -d 0/0 --dport 32765:32768 -i eth0 -j ACCEPT
-A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.0.5 -p udp -m udp -d 0/0 --dport 2049 -i eth0 -j ACCEPT
-A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -s 192.168.0.5 -p udp -m udp --dport 111 -j ACCEPT

# Other rules
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 10.0.0.1 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 10.0.0.2 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
COMMIT

As you see, the server is 192.168.0.4 and the client is 192.168.0.5. I 
want to set up rules such that only the client 192.168.0.5 can access NFS 
in my 192.168.0.4 server, hence the -s parameters.

I would appreciate some help,
Johan

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

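Reading the quoted ruleset in order: the first INPUT rule jumps every packet into RH-Lokkit-0-50-INPUT, whose last two rules REJECT every new TCP connection and every UDP datagram without returning to INPUT, so the NFS ACCEPT rules appended afterwards are never reached (moving them ahead of the jump, or into the Lokkit chain, is the fix). The check below is added here and is not code from the thread; it parses an iptables-restore file and reports rules shadowed by such a jump, using a constructed excerpt of the posted ruleset, and it assumes that a --syn REJECT counts as a catch-all for TCP, which holds for new connections.

```python
import shlex

# Constructed excerpt of the poster's /etc/sysconfig/iptables, same rule order.
RULESET = """
-A INPUT -j RH-Lokkit-0-50-INPUT
-A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 32765:32768 -j ACCEPT
-A INPUT -s 192.168.0.5 -p udp -m udp --dport 32765:32768 -i eth0 -j ACCEPT
-A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.0.5 -p udp -m udp --dport 2049 -i eth0 -j ACCEPT
-A INPUT -s 192.168.0.5 -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -s 192.168.0.5 -p udp -m udp --dport 111 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -j REJECT
"""

def parse(text):
    """Group '-A CHAIN ...' lines by chain in file order; each rule is a token list."""
    chains = {}
    for line in text.splitlines():
        if line.startswith("-A "):
            toks = shlex.split(line)
            chains.setdefault(toks[1], []).append(toks)
    return chains

def opt(toks, flag):
    return toks[toks.index(flag) + 1] if flag in toks else None

def catchall_rejects(rules):
    """Protocols the chain refuses for every packet reaching the rule: a REJECT/DROP
    whose only matches are -p/-m <proto>. Assumption: '--syn' still counts (new connections)."""
    protos = set()
    for r in rules:
        flags = {t for t in r[2:] if t.startswith("-")}
        if opt(r, "-j") in ("REJECT", "DROP") and flags <= {"-p", "-m", "-j", "--syn"}:
            protos.add(opt(r, "-p") or "all")
    return protos

def shadowed_rules(text):
    """Rules that can never match: an earlier unconditional '-j CHAIN' in the same
    chain already hands their protocol to a chain that rejects it without RETURN."""
    chains, found = parse(text), []
    for rules in chains.values():
        blocked = set()
        for r in rules:
            p = opt(r, "-p")
            if p and (p in blocked or "all" in blocked):
                found.append(" ".join(r))
            elif len(r) == 4 and r[2] == "-j" and r[3] in chains:
                blocked |= catchall_rejects(chains[r[3]])
    return found
```

Running shadowed_rules(RULESET) lists all six NFS rules; with the jump line moved below them, it lists none.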
