NFS problem AGAIN -- it still does not work
srm at schokokeks.org
srm at schokokeks.org
Fri Jan 4 05:07:03 MST 2008
To close the circle:
Google reveals some hints for setting up NFS with iptables.
Here are some links that might give you a starting point:
http://lists.debian.org/debian-firewall/2005/12/msg00020.html (good thread)
http://www.ba.infn.it/calcolo/documenti/NFSServer.html#Firewall (NFS w.
IPTables HowTo)
http://www.google.co.uk/search?q=iptables+nfs&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
(everything else)
Feel free to alter the google query to get even more ideas :)
Kind regards,
stephan
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Along the lines which SRM has raised, it may be wiser to modify or
> refine the IPTables and install either Open Source Tripwire (OST) or
> Tripwire or another security tool for helping identify server
> security vulnerabilities so that one can construct an ever stronger
> or better protected server.
>
> Of course, the issue is really what is being done with the server.
> If it is open to the net in any capacity shutting down the IPTables
> is not a solution as you are inviting others to turn your server in
> the equivalent of a spawning system for virii, spam and worse.
> Shutting down the IPTables is even a worse option if that is the only
> security system you know of and/or tool which you have. The harder
> and more prudent approach is a combined strategy of multiple security
> tools for your server. I've suggested one security system I know
> about which works on YDL. There are probably others.
>
> Security, has become everyone's business to insure that one is not
> propagating problems for others via the server or client one owns.
> It's the new public hygiene like the unpleasant but necessary
> consideration of any other hygiene issue. In the end, it is in one's
> best interest to make the time to master the details.
>
> Perhaps a list of security systems like OST, and others, which work
> on YDL can be tested and listed somewhere as a reference.
> Best wishes...
>
> On Jan 4, 2008, at 5:49 AM, srm at schokokeks.org wrote:
>
>>
>>
>>> On Thursday 03 January 2008 17:45, Stephen Thudium wrote:
>>>> NFS now works!!
>>>>
>>>> I found my mistake: I needed to disable IPtables at the server.
>>>>
>>>> Thanks, everyone for your help.
>>>>
>>>> BTW, I would be willing to write a NFS HOWTO, if anyone can use
>>>> that.
>>>
>>> Please consider submitting it to:
>>> http://www.terrasoftsolutions.com/showcase/story-submit.shtml
>>>
>>> kai
>>> _______________________________________________
>>
>> That only tells you that you have to alter your IPtables setup.
>> As long as you don't have an additional, sufficient firewall i
>> think it is
>> not a good idea to disable your firewall on the server, given this
>> server
>> is somehow connected to the outside world.
>>
>> Regards,
>> stephan
>>
>> _______________________________________________
>> yellowdog-newbie mailing list
>> yellowdog-newbie at lists.terrasoftsolutions.com
>> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-newbie
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
>
> iD8DBQFHfhjAFvoPHRAQim0RAmFpAKCfBLlWRUFDJyBB8tZRZxCUyWOoNACdEX3K
> Y/QpGVkJLakDOstDvxJ0J5w=
> =Ekco
> -----END PGP SIGNATURE-----
> _______________________________________________
> yellowdog-newbie mailing list
> yellowdog-newbie at lists.terrasoftsolutions.com
> http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-newbie
>
More information about the yellowdog-newbie
mailing list