Hi Bill.

A quick google for "nfs firewall" gives the following link:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s2-nfs-nfs-firewall-config.html

(The above link will probably wrap or be split somewhere along the way.)

You can tie down the port range to suit your requirements.

See the above link for details.

Regards,
Morrie.

On 13/06/2014 9:57 PM, Bill wrote:

Hello All,

With autofs on Red Hat/CentOS, the "/net -hosts" special map allows all NFS resources exported by all accessible NFS servers to get mounted under the /net directory without explicitly mounting each one of them. E.g. accessing /net/host1 will instruct autofs to mount all available resources on host1.

At first, it didn’t work. E.g. if I run

cd /net/host1

I have always got “No such file or directory”.

After running tcpdump to analyse the packets, I discovered that this particular feature uses sunrpc (port 111) and a random UDP port (above 30000). The problem is how to set an iptables rule for this random port. I know I can specify a port range like --dport 30000:60000, but this is not a safe way to configure a firewall.

Cheers,

Bill
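
Pinning the ports as the Red Hat guide linked above describes, shown as an added example that is not part of either message: the script reads the port settings from /etc/sysconfig/nfs text and prints iptables rules for exactly those ports, so nothing like 30000:60000 has to be opened. Assumptions: the rules go on the NFS server's INPUT chain, the variable names are the ones RHEL 6 uses in /etc/sysconfig/nfs, and the port numbers, the 192.0.2.0/24 client network and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of the NFS server's /etc/sysconfig/nfs. The port numbers
# are examples; RQUOTAD_PORT is left commented out (unpinned) on purpose.
sample_sysconfig() {
cat <<'EOF'
# Ports pinned so the firewall can name them
MOUNTD_PORT=892
STATD_PORT=662
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
#RQUOTAD_PORT=875
EOF
}

# print_rule NET PROTO PORT: print (not run) one ACCEPT rule for review.
print_rule() {
    printf 'iptables -A INPUT -s %s -p %s --dport %s -j ACCEPT\n' "$1" "$2" "$3"
}

# emit_nfs_rules NET: read sysconfig text on stdin and print rules that admit
# NET to rpcbind (111), nfsd (2049) and only the helper ports that are pinned.
emit_nfs_rules() {
    net=$1
    for port in 111 2049; do
        for proto in tcp udp; do print_rule "$net" "$proto" "$port"; done
    done
    while IFS='=' read -r key val; do
        val=${val#\"}; val=${val%\"}                  # tolerate KEY="123"
        case $val in ''|*[!0-9]*) continue ;; esac    # skip anything not a port number
        case $key in
            MOUNTD_PORT|STATD_PORT|RQUOTAD_PORT) protos='tcp udp' ;;
            LOCKD_TCPPORT) protos=tcp ;;
            LOCKD_UDPPORT) protos=udp ;;
            *) continue ;;                            # comments, unrelated settings
        esac
        for proto in $protos; do print_rule "$net" "$proto" "$val"; done
    done
}

# 192.0.2.0/24 is a constructed client network.
sample_sysconfig | emit_nfs_rules 192.0.2.0/24
```

The NFS services have to be restarted after the ports are pinned; `rpcinfo -p` on the server then shows which ports they actually registered.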

 


