John Von Essen on 10 Apr 2006 19:01:56 -0000
Update....

I got everything working except for lockd/nlockmgr. I've tried both
methods of changing the port for the lockd kernel mod.

Using lilo.conf:

append="lockd.udpport=10001 lockd.tcpport=10001"

Using modules.conf:

options lockd nlm_tcpport=10001 nlm_udpport=10001

Neither works. Any ideas?

-John

On Mon, 10 Apr 2006, John Von Essen wrote:

> Thanks.
>
> That does help.
>
> I made a mistake though, I am actually using Redhat 7.3 on the nfs server.
>
> the statd, quotad, and mountd stuff is straight-forward for forcing the
> port. But for the lockd stuff, since I don't have a modutils, or update modules,
> I am not sure what to do. Is it possible to just write it directly in
> modules.conf?
>
> Also, these types of changes, how do you think they would affect existing
> mounts? Would all the mounts break, or would they reconnect
> automatically?
>
> Thanks
> John
>
>
> On Sat, 8 Apr 2006, Stephen Gran wrote:
>
> > On Sat, Apr 08, 2006 at 12:44:13AM -0400, John Von Essen said:
> > > I have two debian machines, one in an internal net, the other in a dmz
> > > net. Everything is behind a PIX firewall.
> > >
> > > I need the dmz client to mount a nfs share from the internal net
> > > server. So I opened up port 2049 tcp/udp, and also port 111 tcp/udp.
> > > The nfs mount still hangs. While doing a tcpdump the rpc port 111
> > > traffic goes back and forth, but no nfs. Am I missing something in the
> > > firewall?
> > >
> > > Granted all of this poses security and performance issues, but it's a
> > > special circumstance. At this point I just need to prove that it can be
> > > done.
> >
> > You're missing quite a few ports.
> >
> > I have the following firewall rules in place to allow 3 machines access
> > to nfs (sorry about the long lines):
> >
> > # NFS - only open to a few machines
> > for host in 3 5 9; do
> >   $INSIDERULES -p tcp -s 192.168.1.${host} -m multiport --dports 111,1000,1001,1002,1003,2049 -j ACCEPT
> >   $INSIDERULES -p udp -s 192.168.1.${host} -m multiport --dports 111,1000,1001,1002,1003,2049 -j ACCEPT
> > done
> >
> > And then I have this configuration to force nfs to bind to those ports:
> >
> > /etc/default/nfs-kernel-server:
> > RPCMOUNTDOPTS="-p 1002"
> >
> > /etc/default/nfs-common:
> > STATDOPTS="--port 1000 -o 1001"
> >
> > /etc/modutils/lockd.local:
> > options lockd nlm_udpport=1003 nlm_tcpport=1003
> > (then run update-modules to regenerate modules.conf)
> >
> > Hope that's helpful,
> > --
> >  --------------------------------------------------------------------------
> > |  Stephen Gran                  | The future lies ahead.                  |
> > |  steve@lobefin.net             |                                         |
> > |  http://www.lobefin.net/~steve |                                         |
> >  --------------------------------------------------------------------------
> >
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
>
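
A check for the situation in this message, as an added example that is not part of the original thread: it compares the ports registered with the portmapper against the port list the firewall rule above allows, and names any service still on an unpinned port. The `rpcinfo -p` sample is constructed (nlockmgr left on ephemeral ports), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output on an NFS server where statd and
# mountd are pinned but lockd (nlockmgr) still sits on ephemeral ports.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   1000  status
    100024    1   tcp   1000  status
    100005    3   udp   1002  mountd
    100005    3   tcp   1002  mountd
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32768  nlockmgr
    100021    4   udp  32768  nlockmgr
    100021    4   tcp  32769  nlockmgr
EOF
}

# unpinned_services ALLOWED
#   ALLOWED: comma-separated ports the firewall passes.
#   stdin:   output of `rpcinfo -p`.
#   stdout:  one "service/proto port" line per registration whose port is
#            not in ALLOWED (duplicates across RPC versions collapsed).
unpinned_services() {
  awk -v allowed="$1" '
    BEGIN {
      n = split(allowed, a, ",")
      for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    # Data rows start with a numeric program number; the header does not.
    $1 ~ /^[0-9]+$/ && !($4 in ok) { print $5 "/" $3, $4 }
  ' | sort -u
}

# Port list taken from the firewall rule quoted in the thread.
ALLOWED=111,1000,1001,1002,1003,2049

# On a live server, replace sample_rpcinfo with: rpcinfo -p
sample_rpcinfo | unpinned_services "$ALLOWED"
```

Any line of output is a service the firewall will drop; empty output means every registered RPC service is on an allowed port.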