Results 1 to 2 of 2

Thread: NFS and shorewall Help!

  1. February 25th, 2010 #1
    BarryDocks
    BarryDocks is offline A Carafe of Ubuntu
    Join Date
    Apr 2009
    Beans
    110

    NFS and shorewall Help!

    I have successfully configured some NFS shares on my ubuntu server 8.04 by following this guide:
    https://help.ubuntu.com/community/SettingUpNFSHowTo

    my problem is that it only works with shorewall disabled. I have followed this guide to no avail:
    http://wiki.debian.org/SecuringNFS

    the relavent part of syslog:
    Code:
    Feb 25 08:37:31 server64 kernel: [   40.822892] Shorewall:lan2fw:REJECT:IN=eth1 OUT= MAC=00:19:99:0d:65:35:00:16:44:e7:a1:8c:08:00 SRC=10.10.64.17 DST=10.10.64.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=25547 DF PROTO=TCP SPT=40572 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 
Feb 25 08:37:42 server64 kernel: [   52.264757] Shorewall:lan2fw:REJECT:IN=eth1 OUT= MAC=00:19:99:0d:65:35:00:16:44:e7:a1:8c:08:00 SRC=10.10.64.17 DST=10.10.64.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4099 DF PROTO=TCP SPT=46807 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 
Feb 25 08:37:48 server64 kernel: [   58.252795] Shorewall:lan2fw:REJECT:IN=eth1 OUT= MAC=00:19:99:0d:65:35:00:16:44:e7:a1:8c:08:00 SRC=10.10.64.17 DST=10.10.64.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4700 DF PROTO=TCP SPT=46807 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0 
Feb 25 08:37:54 server64 kernel: [   64.242648] Shorewall:lan2fw:REJECT:IN=eth1 OUT= MAC=00:19:99:0d:65:35:00:16:44:e7:a1:8c:08:00 SRC=10.10.64.17 DST=10.10.64.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5305 DF PROTO=TCP SPT=46807 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0
    Output of rpcinfo
    Code:
    rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100021    1   udp  42794  nlockmgr
    100021    3   udp  42794  nlockmgr
    100021    4   udp  42794  nlockmgr
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   tcp  51094  nlockmgr
    100021    3   tcp  51094  nlockmgr
    100021    4   tcp  51094  nlockmgr
    100005    1   udp  32767  mountd
    100005    1   tcp  32767  mountd
    100005    2   udp  32767  mountd
    100005    2   tcp  32767  mountd
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
    relevant Shorewall rules added:
    Code:
    # Allow nfs mounts to local network
ACCEPT	fw	lan	udp	111
ACCEPT	fw	lan	tcp	111
ACCEPT	fw	lan	tcp	2049
ACCEPT	fw	lan	udp	2049
ACCEPT	fw	lan	tcp	32765:32769
ACCEPT	fw	lan	udp	32765:32769
    I would be grateful for any help!
    Last edited by BarryDocks; February 25th, 2010 at 09:50 AM.
    Advanced reply Adv Reply  
  2. February 25th, 2010 #2
    BarryDocks
    BarryDocks is offline A Carafe of Ubuntu
    Join Date
    Apr 2009
    Beans
    110

    Re: NFS and shorewall Help!

    Solved, just had to create reciprocal rules to access the firewall from ley LAN. The appropriate shorewall rules now look like:
    Code:
    # Allow nfs mounts to local network
ACCEPT	fw	lan	udp	111
ACCEPT	fw	lan	tcp	111
ACCEPT	fw	lan	tcp	2049
ACCEPT	fw	lan	udp	2049
ACCEPT	fw	lan	tcp	32765:32769
ACCEPT	fw	lan	udp	32765:32769
ACCEPT	lan	fw	udp	111
ACCEPT	lan	fw	tcp	111
ACCEPT	lan	fw	tcp	2049
ACCEPT	lan	fw	udp	2049
ACCEPT	lan	fw	tcp	32765:32769
ACCEPT	lan	fw	udp	32765:32769
    Not sure how secure this is, any comments would be great?
    Advanced reply Adv Reply  
« Previous Thread | Next Thread »

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Ubuntu Forums Code of Conduct