IPFW / NFSD
Mark Frasa
mark at frasa.net
Wed Jan 25 07:00:38 PST 2006
Chuck Swiger wrote:
> Mark Frasa wrote:
>
>>I am currently running 1 HTTP server on FreeBSD 6.0
>>
>>Of course, like anyone that likes security, I am running IPFW and set
>>the kernel to block by default.
>>
>>Behind that HTTP server I am running 2 Linux boxes.
>>
>>The problem is that when I enable the firewall and open up ports from
>>rpcinfo -p:
>
> [ ... ]
>
>>I opened up all these ports but I can't do an ls or write to NFS or
>>whatever.
>
>
> You should not be running portmap and NFS on a firewall machine. You should not
> attempt to pass NFS or other filesharing through a firewall, except perhaps by
> using VPN tunneling.
>
> If this existing machine needs to do NFS to your other Linux boxes, it should be
> placed behind a properly hardened firewall which perhaps uses NAT to forward
> HTTP connections inside to it.
>
Let me explain in more detail:

I have:

INTERNET
FIREWALL/NFSD/HTTPD Machine
LINUXBOX LINUXBOX

The boxes are on a /24 network and the firewall has 2 IPs, 1 for local
and 1 for outside connections, but both in the same subnet.

I want to use a $secure ip for nfsd and ssh connection, while using
@arcas as an IP for port 80 connections.

What I don't get is that when I open up the $secureip for the /24 network I
still get timeouts when writing to nfsd.

Mark.