IPFW / NFSD
Chuck Swiger
cswiger at mac.com
Wed Jan 25 05:51:56 PST 2006
Mark Frasa wrote:
> I am currently running 1 HTTP server on FreeBSD 6.0
>
> Of course, like anyone that likes security, I am running IPFW and set
> the kernel to block by default.
>
> Behind that HTTP server I am running 2 Linux boxes.
>
> The problem is that when I enable the firewall and open up ports from
> rpcinfo -p:
[ ... ]
> I opened up all these ports but I can't do an ls or write to nfs or
> whatever.
You should not be running portmap and NFS on a firewall machine. You should not
attempt to pass NFS or other filesharing through a firewall, except perhaps by
using VPN tunneling.

If this existing machine needs to do NFS to your other Linux boxes, it should be
placed behind a properly hardened firewall which perhaps uses NAT to forward
HTTP connections inside to it.
--
-Chuck