[CentOS] NFS and firewall issues

Tue May 16 12:54:29 UTC 2006
Charles Lacroix <clacroix at cegep-ste-foy.qc.ca>

Oh sorry, I didn't fully read the post.

You will also need to add something like this

iptables -I INPUT -i eth0 -j ACCEPT 

which will allow anything to connect to the server from inside (if eth0 is
your internal network card).

Put this just before your
iptables -P INPUT DROP

Sorry again.

On Tuesday 16 May 2006 08:48, Charles Lacroix wrote:
> Hi,
>
> make sure you have a 1 in this file
> /proc/sys/net/ipv4/ip_forward
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> Other than that, everything looks alright.
>
> later
> Charles
>
> On Tuesday 16 May 2006 08:34, Niki Kovacs wrote:
> > Hi,
> >
> > I have a small home LAN, where one machine (192.168.1.1) connects to the
> > internet via dialup (no DSL here) and shares the connection with IP
> > masquerading. To achieve this, I tried out various recipes found on the
> > internet, and finally put this in /etc/rc.d/rc.local:
> >
> > --8<------ rc.local ------------
> > #!/bin/sh
> > #
> > # This script will be executed *after* all the other init scripts.
> > # You can put your own initialization stuff in here if you don't
> > # want to do the full Sys V style init stuff.
> >
> > touch /var/lock/subsys/local
> >
> > # Setup IP Masquerading
> > iptables -F; iptables -t nat -F; iptables -t mangle -F
> > iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> >
> > # Secure it
> > iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> > iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT
> > iptables -P INPUT DROP
> > iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT
> > --8<---------------------------
> >
> > I don't understand much about iptables. Documentation about it is on my
> > TODO list (I'll keep it for after my death:oD).
> >
> > Now I have a problem. I fiddled a bit with NFS, and I had a
> > firewall-related problem with it. In short, when iptables (the firewall)
> > runs, I can't do an NFS mount. But as soon as I stop it (service iptables
> > stop), NFS mounts are possible.
> >
> > Now what can I do to 1) go on sharing my ppp connection 2) be able to do
> > NFS mounts while 3) still having a reasonably secure system?
> >
> > Cheers,
> >
> > Niki Kovacs
> > _______________________________________________
> > CentOS mailing list
> > CentOS at centos.org
> > http://lists.centos.org/mailman/listinfo/centos
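
A narrower alternative to accepting everything that arrives on eth0, as an added example that is not part of the original thread: the function below prints INPUT rules that admit only NFS-related ports from the LAN. The 192.168.1.0/24 subnet, eth0 as the LAN card, and the pinned mountd/statd/lockd ports (which must match whatever those daemons are configured to use, e.g. in /etc/sysconfig/nfs on Red Hat style systems) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables INPUT rules that accept
# only NFS-related traffic from the LAN, leaving the DROP policy for the rest.

# Assumptions: LAN card and subnet (the thread only gives 192.168.1.1).
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# proto:port pairs. 111 = portmapper, 2049 = nfsd.
# Assumed pinned helper ports: mountd 892, statd 662,
# lockd 32803/tcp and 32769/udp. Change them to match the daemons' config.
NFS_PORTS="tcp:111 udp:111 tcp:2049 udp:2049 tcp:892 udp:892 tcp:662 udp:662 tcp:32803 udp:32769"

# nfs_lan_rules IFACE SOURCE_NET
# Prints one iptables command per proto:port pair; returns 1 on a bad entry.
nfs_lan_rules() {
    for pair in $NFS_PORTS; do
        proto=${pair%%:*}
        port=${pair##*:}
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in: $pair" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*) echo "bad port in: $pair" >&2; return 1 ;;
        esac
        # Only NEW connections need a rule; replies are covered by the
        # ESTABLISHED,RELATED rule already present in rc.local.
        echo "iptables -A INPUT -i $1 -s $2 -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
}

# Print the rules for review only when asked; nothing is applied here.
if [ "${1:-}" = "--print" ]; then
    nfs_lan_rules "$LAN_IF" "$LAN_NET"
fi
```

Run it with `--print` to review the generated rules before adding them to rc.local after the flush commands.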