[Shorewall-newbies] Make "no-response"
rshannon at cruzcom.com
Fri Dec 5 15:40:41 PST 2003
> I found here that specific ports would have to be opened in
> order to have NFS
> (on my internal network) function properly. But then I do
> not want the ports to
> be opened to the internet.
Assuming your firewall zone is "fw" and your internal network zone is "loc" and port1, port2, etc., are the ports you need, then you only need two lines in your rules file:
ACCEPT fw loc tcp port1,port2,port3...
ACCEPT loc fw tcp port1,port2,port3...
Those lines will allow the traffic to flow freely between internal workstations and the firewall, so the firewall can act as your NFS file server.
I must say, however, that in general, this is a bad idea. A firewall is meant to be a wall -- only. The more additional services you put on the firewall, the less secure (and more complex) it will be.
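The concern in the question, that the NFS ports must not be reachable from the internet, can be checked against a rules file with a short script. This is an added example, not part of the original post and not Shorewall code; the port set (111 and 2049), the sample rules and the function names are assumptions for illustration.

```python
# Added example: flag Shorewall ACCEPT rules that let an untrusted zone reach
# NFS-related ports on the firewall. Zone names "fw" and "loc" come from the post.
NFS_PORTS = {111, 2049}             # assumed: portmapper and nfsd; adjust to your setup
TRUSTED_SOURCES = {"fw", "$FW", "loc"}
FIREWALL_DESTS = {"fw", "$FW", "all"}

# Constructed sample rules file (columns: ACTION SOURCE DEST PROTO DPORT)
SAMPLE_RULES = """\
# constructed sample
ACCEPT  fw   loc  tcp  111,2049
ACCEPT  loc  fw   tcp  111,2049
ACCEPT  net  fw   tcp  22
ACCEPT  net  fw   tcp  2000:2100
ACCEPT  all  fw   udp  111
"""

def parse_ports(field):
    """Expand a port field such as '111,2049' or '2000:2100' into a set of ints."""
    ports = set()
    for item in field.split(","):
        if ":" in item:
            lo, hi = item.split(":", 1)
            if (lo or "0").isdigit() and (hi or "65535").isdigit():
                ports.update(range(int(lo or 0), int(hi or 65535) + 1))
        elif item.isdigit():
            ports.add(int(item))
        # service names are not resolved in this sketch
    return ports

def exposed_rules(rules_text, watched=NFS_PORTS):
    """Return (line number, source zone, matched ports) for risky ACCEPT rules."""
    findings = []
    for lineno, raw in enumerate(rules_text.splitlines(), 1):
        cols = raw.split("#", 1)[0].split()
        if len(cols) < 3 or cols[0].split(":")[0] != "ACCEPT":
            continue
        zone, dest = cols[1].split(":")[0], cols[2].split(":")[0]
        if zone in TRUSTED_SOURCES or dest not in FIREWALL_DESTS:
            continue
        # A rule with no port column (or '-') covers every port.
        open_all = len(cols) < 5 or cols[4] == "-"
        hit = set(watched) if open_all else parse_ports(cols[4]) & watched
        if hit:
            findings.append((lineno, zone, sorted(hit)))
    return findings

if __name__ == "__main__":
    for lineno, zone, ports in exposed_rules(SAMPLE_RULES):
        print(f"line {lineno}: zone '{zone}' can reach ports {ports} on the firewall")
```

The two rules from the post pass cleanly; the port range and the `all` source in the constructed sample are the kinds of entries that would expose the service beyond the internal network.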