[Shorewall-newbies] Shorewall and NFS?

Ronald J. Hall dark_lord at charter.net
Sun Jan 4 08:49:14 PST 2004


First of all, I'm not subscribed so can all replies come to my e-mail address? 
Thanks! (dark_lord at charter.net)
-----------------------------------------------------------------------------
Okay, here is my setup:

cablemodem -> DLink router -> 3 comps on a LAN.

(main comp/NFS server is 192.168.0.100 - 2 clients are 192.168.0.101 and 
192.168.0.102. DLink router is accessed at 192.168.0.1)

My comp has 1 nic, eth0, and it's the NFS server for the other 2 comps.
(running v9.2 Mandrake download edition, v9.1 on the other 2 comps)

I've used NFS for a long time, sweet...easy...reliable. I finally decided that 
though I was sitting behind the DLink's hardware firewall that I probably 
should be running something, so I installed Shorewall. Now, neither of the 2 
client comps will boot up without NFS hanging for a while then finally going on 
but with an RPC timeout error and NFS is not working. Obviously Shorewall is 
blocking whatever ports NFS needs.

So I googled, found the Shorewall install guide and faqs, searched the 
Mandrake archives, and posted a query to the newbie and expert list. A couple 
of people have been trying to help there.

I tried this in /etc/shorewall/rules:

#ACTION  SOURCE         DEST            PROTO   DEST    SOURCE     ORIGINAL     RATE            USER
#                                               PORT    PORT(S)    DEST         LIMIT
ACCEPT  loc     fw      tcp     111,137,138,139,369,2049,32700
ACCEPT  loc     fw      udp     111,137,138,139,369,2049,32700
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

I also tried:

ACCEPT	loc:192.168.0.101,192.168.0.102	fw	tcp	111,137,138,139,369,2049,32700
ACCEPT	loc:192.168.0.101,192.168.0.102	fw	udp	111,137,138,139,369,2049,32700

and

ACCEPT	net:192.168.0.101,192.168.0.102	fw	tcp	111,137,138,139,369,2049,32700
ACCEPT	net:192.168.0.101,192.168.0.102	fw	udp	111,137,138,139,369,2049,32700

and restarted with a "service shorewall restart". Still the same problem, I 
get the RPC timeout error on the client machines.

So I did this to /etc/shorewall/policy:

###############################################################################
#SOURCE         DEST            POLICY          LOG             LIMIT:BURST
#                                               LEVEL
#
loc    fw      ACCEPT
# THE FOLLOWING POLICY MUST BE LAST
#
fw      net     ACCEPT
net     all     DROP    info
all     all     REJECT  info
#LAST LINE -- DO NOT REMOVE

restarted shorewall again - and the same RPC timeout error.

Can anyone please help me with getting NFS to work with Shorewall?

Thanks much!

-- 

                                                                       /\
                                                                 Dark< >Lord
                                                                       \/    


