NFS ports for firewall?
charlescurley at charlescurley.com
Thu Apr 28 18:12:07 MDT 2005
On Thu, Apr 28, 2005 at 04:47:11PM -0600, Lonnie Olson wrote:
> On Apr 28, 2005, at 4:30 PM, Charles Curley wrote:
> >I recently added a wireless AP to my network. This means I now want
> >firewalls on all my boxen. Which ports do I have to have open so I can
> >export NFS?
> >I found:
> >sunrpc 111/tcp portmapper # RPC 4.0 portmapper
> >sunrpc 111/udp portmapper # RPC 4.0 portmapper
> >nfs 2049/tcp nfsd
> >nfs 2049/udp nfsd
> >What else?
> Those should be fine for normal use, but you can also look at other
> open ports via `rpcinfo -p`.
Thanks, that helped.
> Also be aware of security. NFS has only host/IP based security.
> Meaning anyone driving by that can hop on your WAP, choose an IP
> address and mount your exports. and may do nasty things.
Very much aware of the issues here. I'm going to re-write the export
file to allow only specific IP addresses, and they are all already RO
Using iptables-[save|restore] and some braindead scripting, I now have
two firewalls, one for when I want to allow NFS, and one for when I
And I don't put anything critical on them. As far as I'm concerned, if
some bozon wants to do a drive-by crack and slurp in 3 GB of Fedora
Core ISOs, he/she/it is welcome to it.
> | This has been a P.L.U.G. mailing. |
> | Don't Fear the Penguin. |
> | IRC: #utah at irc.freenode.net |
Charles Curley /"\ ASCII Ribbon Campaign
Looking for fine software \ / Respect for open standards
and/or writing? X No HTML/RTF in email
http://www.charlescurley.com / \ No M$ Word docs in email
Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://plug.org/pipermail/plug/attachments/20050428/44f08cc2/attachment.bin
More information about the PLUG