
How to config eth1 as a trusted device in FC5


shenluming
11th September 2006, 08:46 AM
Hi all,

I just installed x86 64-bit FC5 on my HP ProLiant server and was going to run NFS on it. I cannot run the NFS server when the firewall is on. However, there is no selection in FC5 that lets me select my eth1 as a trusted device in the firewall configuration. Could anyone tell me how to config eth1 as a trusted device manually?

Thanks.

Luming

ibbo
11th September 2006, 11:33 AM
"I cannot run nfs server when the firewall is on"

Yes you can. NFS starts up using random port selection, so your firewall is blocking it because you cannot determine which port it is running on. So we bind NFS to specific ports so we can use it safely through the firewall.

Edit /etc/sysconfig/nfs and add the desired ports you wish to use.

LOCKD_TCPPORT=48620
LOCKD_UDPPORT=48620
MOUNTD_PORT=48621
STATD_PORT=48622
RQUOTAD=no
RQUOTAD_PORT=48623

But that's long-winded. You can easily allow all connections from your subnet (assuming eth1 is on it).

edit /etc/hosts.deny and ADD
ALL: ALL

edit /etc/hosts.allow and ADD
ALL: <your subnet ip> I.E 192.168.0.

Or via IPTABLES

-A INPUT -i eth1 -s 192.168.0.0/24 -j ACCEPT <assuming your subnet is 192.168.0.0>

Ibbo

shenluming
12th September 2006, 12:52 AM
Thanks, Ibbo. I will try these out and let you know the results.

Luming

shenluming
12th September 2006, 01:49 PM
I tried the following setup.

edit /etc/hosts.deny and ADD
ALL: ALL

edit /etc/hosts.allow and ADD
ALL: 192.168.0.0/8

Unfortunately, it didn't work. My slave node couldn't mount the shared directory on my master node because the NFS server was down. If I turn off the firewall, then everything works. I used to use FC2, which allowed me to config the internal NIC as a trusted device. I don't know why there is no such option in FC5. Can anyone help?

Luming

ibbo
12th September 2006, 03:27 PM
OK

Install Firestarter on your server (it's a firewall with a GUI). Once you have done that you have a few options, but the easiest is to click the Events tab, then Refresh.

If your machines have already attempted to make a connection they will be listed here. Right click the attempt and click allow all from this host.

That should box that off for you nice and simply.

Also, is 192.168.0.0 your subnet IP range? If not, change it to your subnet IP range. Did you try setting the NFS ports as above? You would also need to open your firewall for those ports.

ibbo
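The two halves of ibbo's advice, pinning the NFS helper daemons to fixed ports in /etc/sysconfig/nfs and then opening exactly those ports on the trusted interface, put together as an added shell example. This is not code from the thread: it takes a /etc/sysconfig/nfs-style text (a constructed sample using the ports ibbo suggested), validates the pinned ports, and prints iptables rules in the style of ibbo's `-A INPUT -i eth1 ...` line, restricted to the subnet and to the NFS ports only. Port 111 (portmapper) and 2049 (nfsd) are the standard defaults and are always included; `RQUOTAD=no` drops the rquotad port. The hosts.allow/hosts.deny step alone does not help against a firewall: TCP wrappers only gate libwrap-aware daemons such as portmap and rpc.mountd, not the kernel nfsd, and they never change netfilter rules, which is consistent with Luming's result.

```shell
#!/bin/sh
# Added example, not from the thread: turn the pinned ports in an
# /etc/sysconfig/nfs-style file into iptables rules for a trusted subnet.

# Constructed sample of /etc/sysconfig/nfs (ports as suggested by ibbo).
NFS_SYSCONFIG_SAMPLE='LOCKD_TCPPORT=48620
LOCKD_UDPPORT=48620
MOUNTD_PORT=48621
STATD_PORT=48622
RQUOTAD=no
RQUOTAD_PORT=48623'

# sysconfig_get KEY : print the value of KEY=value from stdin (first match),
# nothing if the key is absent.
sysconfig_get() {
    sed -n "s/^$1=\(.*\)$/\1/p" | head -n 1
}

# nfs_rules IFACE SUBNET CONFIG_TEXT
# Emit one ACCEPT rule per NFS port (tcp and udp), limited to SUBNET on IFACE.
# Returns 1 if any of the four pinned ports is missing or not numeric, so a
# half-edited config does not silently produce a rule set with holes.
nfs_rules() {
    iface=$1; subnet=$2; cfg=$3
    lockd_tcp=$(printf '%s\n' "$cfg" | sysconfig_get LOCKD_TCPPORT)
    lockd_udp=$(printf '%s\n' "$cfg" | sysconfig_get LOCKD_UDPPORT)
    mountd=$(printf '%s\n' "$cfg" | sysconfig_get MOUNTD_PORT)
    statd=$(printf '%s\n' "$cfg" | sysconfig_get STATD_PORT)
    rquotad_on=$(printf '%s\n' "$cfg" | sysconfig_get RQUOTAD)
    rquotad=$(printf '%s\n' "$cfg" | sysconfig_get RQUOTAD_PORT)

    for v in "$lockd_tcp" "$lockd_udp" "$mountd" "$statd"; do
        case $v in
            ''|*[!0-9]*) echo "nfs_rules: pinned port missing or not numeric" >&2; return 1 ;;
        esac
    done

    # 111 = portmapper, 2049 = nfsd: fixed by default, always needed.
    tcp_ports="111 2049 $lockd_tcp $mountd $statd"
    udp_ports="111 2049 $lockd_udp $mountd $statd"
    # rquotad only if it is enabled and has a pinned port.
    if [ "$rquotad_on" != "no" ] && [ -n "$rquotad" ]; then
        tcp_ports="$tcp_ports $rquotad"
        udp_ports="$udp_ports $rquotad"
    fi

    for p in $tcp_ports; do
        echo "-A INPUT -i $iface -s $subnet -p tcp --dport $p -j ACCEPT"
    done
    for p in $udp_ports; do
        echo "-A INPUT -i $iface -s $subnet -p udp --dport $p -j ACCEPT"
    done
}

# Usage: print the rules for eth1 on 192.168.0.0/24 (assumed subnet).
nfs_rules eth1 192.168.0.0/24 "$NFS_SYSCONFIG_SAMPLE"
```

Paste the printed lines into /etc/sysconfig/iptables ahead of the final REJECT rule and restart the iptables service; if the generated file filters through its own chain (RH-Firewall-1-INPUT on Fedora of that era) rather than INPUT directly, put the rules in that chain instead. After `service nfs restart`, `rpcinfo -p` on the server should list mountd, nlockmgr and status on the pinned ports, which is the check that the sysconfig values actually took effect before blaming the firewall.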
