[Shorewall-newbies] Make "no-response"

Ron Shannon rshannon at cruzcom.com
Fri Dec 5 15:40:41 PST 2003

You wrote:
> I found here that specific ports would have to be opened in 
> order to have NFS 
> (on my internal network) function properly. But then I do 
> not want the ports to 
> be opened to the internet.

Assuming your firewall zone is "fw" and your internal network zone is "loc" and port1, port2, etc., are the ports you need, then you only need two lines in your rules file:

ACCEPT   fw   loc   tcp  port1,port2,port3...
ACCEPT   loc  fw    tcp  port1,port2,port3...

Those lines will allow the traffic to flow freely between internal workstations and the firewall, so the firewall can act as your NFS file server.

I must say, however, that in general, this is a bad idea. A firewall is meant to be a wall -- only. The more additional services you put on the firewall, the less secure (and more complex) it will be.
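A small audit script, added here as an illustration and not part of the original post or of Shorewall itself, that reads a rules file laid out like the two lines above (ACTION SOURCE DEST PROTO DEST-PORT(S)) and reports which ports ACCEPT rules open from the "net" zone to the firewall. The embedded rules file is constructed for the example; ports 111 (portmapper) and 2049 (NFS) stand in for "port1,port2,...", and the `net`/`loc`/`fw` zone names and the tcp/22 allow-list are assumptions. It only understands the plain five-column layout and a zone optionally followed by `:address`, not Shorewall's full rules syntax.

```python
"""Flag ports a Shorewall-style rules file accepts from the internet zone.

Added example, not Shorewall code. Assumes the five-column layout
ACTION SOURCE DEST PROTO DEST-PORT(S); '#' comments and '?SECTION'
directives are ignored. Zone names 'net', 'loc' and 'fw' are assumptions.
"""

# Constructed sample rules file: NFS-style ports between fw and loc as in
# the post, an intended ssh rule from net, and one deliberate mistake.
SAMPLE_RULES = """\
# ACTION   SOURCE          DEST   PROTO   DEST PORT(S)
?SECTION NEW
ACCEPT    fw              loc    tcp     111,2049
ACCEPT    loc             fw     tcp     111,2049
ACCEPT    loc             fw     udp     111,2049
ACCEPT    net             fw     tcp     22        # ssh admin, intended
ACCEPT    net:192.0.2.0/24 fw    tcp     2049      # NFS from the internet: mistake
DROP      net             fw     tcp     23
"""


def zone_of(field):
    """Strip an optional ':address' qualifier, so 'net:192.0.2.0/24' -> 'net'."""
    return field.split(":", 1)[0]


def parse_rules(text):
    """Return a list of (action, source_zone, dest_zone, proto, {ports}) tuples."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line or line.startswith("?"):  # blank or ?SECTION directive
            continue
        fields = line.split()
        if len(fields) < 5:
            continue                          # no port column; nothing to audit
        action, source, dest, proto, ports = fields[:5]
        rules.append((action.upper(), zone_of(source), zone_of(dest),
                      proto.lower(), set(ports.split(","))))
    return rules


def exposed_to_zone(text, zone="net", fw="fw"):
    """Set of (proto, port) pairs that ACCEPT rules open from `zone` to `fw`."""
    exposed = set()
    for action, source, dest, proto, ports in parse_rules(text):
        if action == "ACCEPT" and source == zone and dest == fw:
            exposed.update((proto, p) for p in ports)
    return exposed


def unexpected_exposure(text, allowed=frozenset({("tcp", "22")})):
    """Exposed pairs that are not on the administrator's allow-list (assumed)."""
    return exposed_to_zone(text) - set(allowed)


if __name__ == "__main__":
    for proto, port in sorted(unexpected_exposure(SAMPLE_RULES)):
        print(f"WARNING: {proto}/{port} is accepted from net to fw")
```

Run against a real rules file by reading it into `unexpected_exposure()`; the loc-to-fw NFS lines never appear in the report, which is the property the post is after: the service reachable from inside, nothing extra reachable from the net zone.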


