Krishna,

After installing RedHat 7.3 on a COMPAQ machine using the Firewall Configuration: Medium Security Level, the system denied nfs and ports 0:1023 (REJECT nfs and port 0:1023). In order to enable nfs, I edited /etc/sysconfig/ipchains and got the new ipchains rules as follows. But I still can't mount the remote host by nfs.

$ ps -ef | grep portmap
rpc       7038     1  0 12:02 ?        00:00:00 portmap

# ipchains -L
ACCEPT  tcp  -y----  anywhere  anywhere  any -> nfs
ACCEPT  udp  ------  anywhere  anywhere  any -> nfs
REJECT  tcp  -y----  anywhere  anywhere  any -> 0:1023
REJECT  udp  ------  anywhere  anywhere  any -> 0:1023

# mount remotehost:/test /localtest
mount: RPC: Timed out

Does nfs conflict with ports 0:1023? Although nfs uses port 2049, I guess that some ports between 0:1023 should still be enabled. I want to REJECT as many ports as possible between 0:1023, but keep nfs running. Do you know how to resolve it by using ipchains?

Thanks,
Hong

-----Original Message-----
From: Krishna [mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 03, 2002 2:52 AM
To: Hong Tian
Subject: Re[2]: ipchains

Hi Hong,

Thursday, October 03, 2002 12:20:42 PM

By default all inputs and outputs are closed. Uncomment everything that was in the ipchains file (/etc/sysconfig/ipchains). I do manually edit the ipchains file.

regards,
Krishna
mailto:[EMAIL PROTECTED]

Krishna Shekhar
Network Administrator
Wiplash Wireless

Wednesday, October 2, 2002, 9:06:29 PM, you wrote:

HT> I did the following (198.138.244.0 is local network address), but nfs still
HT> does not work. Should I manually modify /etc/sysconfig/ipchains?

HT> lan='198.138.244.0/255.255.255.0'
HT> ipchains --append input --protocol tcp --source $lan nfs --jump ACCEPT
HT> ipchains --append input --protocol udp --source $lan nfs --jump ACCEPT
HT> ipchains --append output --protocol tcp --destination $lan nfs --jump ACCEPT
HT> ipchains --append output --protocol udp --destination $lan nfs --jump ACCEPT
HT> service ipchains save

HT> -----Original Message-----
HT> From: Anthony E. Greene [mailto:[EMAIL PROTECTED]]
HT> Sent: Wednesday, October 02, 2002 1:47 AM
HT> To: [EMAIL PROTECTED]
HT> Subject: Re: ipchains

HT> -----BEGIN PGP SIGNED MESSAGE-----
HT> Hash: SHA1

HT> On 01-Oct-2002/16:23 -0400, Hong Tian <[EMAIL PROTECTED]> wrote:
>>After installing RedHat 7.3 with Medium Security Level. The nfs is REJECT by
>>Ipchains. In order to allow mounting to another server, I need to set up
>>with ACCEPT tcp/udp nfs (port 2049).

HT> [snip]

HT> lan='192.168.0.0/255.255.255.0'
HT> ipchains --append input --protocol tcp --source $lan nfs --jump ACCEPT
HT> ipchains --append input --protocol udp --source $lan nfs --jump ACCEPT
HT> ipchains --append output --protocol tcp --destination $lan nfs --jump ACCEPT
HT> ipchains --append output --protocol udp --destination $lan nfs --jump ACCEPT
HT> service ipchains save

HT> The first line sets the $lan variable to the local network/netmask to
HT> restrict NFS connections to your local network. The next 4 lines set the
HT> ipchains rules. The last line saves the rules to /etc/sysconfig/ipchains,
HT> where they will be read each time the ipchains service is started.

HT> Tony
HT> - --
HT> Anthony E. Greene <mailto:[EMAIL PROTECTED]>
HT> OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
HT> AOL/Yahoo Messenger: TonyG05 HomePage: <http://www.pobox.com/~agreene/>
HT> Linux. The choice of a GNU generation <http://www.linux.org/>

HT> -----BEGIN PGP SIGNATURE-----
HT> Version: GnuPG v1.0.6 (GNU/Linux)
HT> Comment: Anthony E. Greene <mailto:[EMAIL PROTECTED]> 0x6C94239D

HT> iD8DBQE9mohtpCpg3WyUI50RAgBtAKCvI5BLBkqCkeAxcsHchPLrG5EyhQCcCNTM
HT> pUYCdm6ErWWt/WinnpN7Pj8=
HT> =988F
HT> -----END PGP SIGNATURE-----
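
Added example, not part of the original thread: a small Python model of first-match evaluation over the four rules in the `ipchains -L` listing above, showing which inbound packets on the mounting client reach the `0:1023` REJECT rules. It assumes the listing is the input chain with policy ACCEPT and that a mount run as root sends its RPC calls from a reserved source port (glibc's bindresvport picks from 600-1023); the sample packets are constructed.

```python
# Added example: first-match evaluation of the four rules from the listing.
# Assumptions (not from the thread): the rules are the input chain, the chain
# policy is ACCEPT, and every sample packet below is constructed.
from dataclasses import dataclass

NFS = 2049  # port that the service name "nfs" resolves to

@dataclass
class Packet:
    proto: str              # "tcp" or "udp"
    dport: int              # destination port on the local (mounting) machine
    syn_only: bool = False  # TCP: SYN set, ACK and FIN clear (what -y matches)

# (target, proto, rule_has_-y, (dport_low, dport_high)) in listing order
RULES = [
    ("ACCEPT", "tcp", True,  (NFS, NFS)),
    ("ACCEPT", "udp", False, (NFS, NFS)),
    ("REJECT", "tcp", True,  (0, 1023)),
    ("REJECT", "udp", False, (0, 1023)),
]

def verdict(pkt, rules=RULES, policy="ACCEPT"):
    """Return the target of the first matching rule, else the chain policy."""
    for target, proto, need_syn, (lo, hi) in rules:
        if proto != pkt.proto:
            continue
        if need_syn and not pkt.syn_only:
            continue  # a -y rule ignores packets of established connections
        if lo <= pkt.dport <= hi:
            return target
    return policy

# Constructed inbound packets as seen by the machine running `mount`.
SAMPLES = {
    "UDP RPC reply to reserved client port 800": Packet("udp", 800),
    "UDP RPC reply to unreserved client port 40000": Packet("udp", 40000),
    "TCP reply (SYN+ACK) to reserved client port 800": Packet("tcp", 800),
    "new TCP connection to local port 111": Packet("tcp", 111, syn_only=True),
    "UDP request to local nfs port": Packet("udp", NFS),
}

def evaluate_samples():
    return {name: verdict(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in evaluate_samples().items():
        print(f"{result:7} {name}")
```

Under these assumptions the only reply traffic that is dropped is UDP addressed to a reserved client port, which is consistent with `mount: RPC: Timed out`; the TCP rules carry `-y` and so stop only new inbound connections.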