[CentOS] NFS and firewall issues

Charles Lacroix clacroix at cegep-ste-foy.qc.ca
Tue May 16 12:48:31 UTC 2006


Hi, 

Make sure you have a 1 in this file:
/proc/sys/net/ipv4/ip_forward

echo "1" > /proc/sys/net/ipv4/ip_forward

Other than that, everything looks alright.

later
Charles

On Tuesday 16 May 2006 08:34, Niki Kovacs wrote:
> Hi,
>
> I have a small home LAN, where one machine (192.168.1.1) connects to the
> internet via dialup (no DSL here) and shares the connection with IP
> masquerading. To achieve this, I tried out various recipes found on the
> internet, and finally put this in /etc/rc.d/rc.local:
>
> --8<------ rc.local ------------
> #!/bin/sh
> #
> # This script will be executed *after* all the other init scripts.
> # You can put your own initialization stuff in here if you don't
> # want to do the full Sys V style init stuff.
>
> touch /var/lock/subsys/local
>
> # Setup IP Masquerading
> iptables -F; iptables -t nat -F; iptables -t mangle -F
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>
> # Secure it
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
> iptables -P INPUT DROP
> iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
> --8<---------------------------
>
> I don't understand much about iptables. Documentation about it is on my
> TODO list (I'll keep it for after my death:oD).
>
> Now I have a problem. I fiddled a bit with NFS, and I had a
> firewall-related problem with it. In short, when iptables (the firewall)
> runs, I can't do an NFS mount. But as soon as I stop it (service iptables
> stop), NFS mounts are possible.
>
> Now what can I do to 1) go on sharing my ppp connection 2) be able to do
> NFS mounts while 3) still having a reasonably secure system?
>
> Cheers,
>
> Niki Kovacs
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
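
Added example, not part of the original thread: a shell function that evaluates the INPUT rules quoted above in first-match order, to check which packets that chain accepts. The LAN interface name eth0 is an assumption (the thread does not name it), and only the options this ruleset uses are understood.

```shell
#!/bin/sh
# Constructed input: the three INPUT-chain commands from the quoted rc.local.
RULES='iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -P INPUT DROP'

# input_verdict STATE IFACE
# Prints what the INPUT chain does with a packet in conntrack state STATE
# arriving on IFACE: the first matching -A rule wins, otherwise the -P policy.
# Only --state, -i [!] IFACE, -j and -P are parsed (all this ruleset uses).
input_verdict() {
    pkt_state=$1; pkt_if=$2
    policy=ACCEPT; verdict=
    while read -r line; do
        set -- $line
        chain=; states=; iface=; negate=0; target=
        while [ $# -gt 0 ]; do
            case $1 in
                -P) if [ "$2" = INPUT ]; then policy=$3; fi; shift 2 ;;
                -A) chain=$2; shift ;;
                --state) states=$2; shift ;;
                -i) if [ "$2" = "!" ]; then negate=1; shift; fi
                    iface=$2; shift ;;
                -j) target=$2; shift ;;
            esac
            shift
        done
        # Skip non-INPUT lines and every rule after the first match.
        if [ "$chain" != INPUT ] || [ -n "$verdict" ]; then continue; fi
        if [ -n "$states" ]; then
            case ",$states," in *",$pkt_state,"*) ;; *) continue ;; esac
        fi
        if [ -n "$iface" ]; then
            if [ "$iface" = "$pkt_if" ]; then hit=1; else hit=0; fi
            # "-i ! X" matches when the interface differs from X.
            if [ "$hit" = "$negate" ]; then continue; fi
        fi
        verdict=$target
    done <<EOF
$RULES
EOF
    echo "${verdict:-$policy}"
}
```

`input_verdict NEW eth0` prints ACCEPT and `input_verdict NEW ppp0` prints DROP, so under these three rules a new connection from the LAN side is not filtered by the INPUT chain.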
