[Shorewall-newbies] Shorewall and NFS?

Lyvim Xaphir lxaphir at yahoo.com
Tue Jan 6 04:34:17 PST 2004

On Sun, 2004-01-04 at 10:29, Tom Eastep wrote:
> On Sunday 04 January 2004 07:26 am, Tom Eastep wrote:
> > On Sunday 04 January 2004 05:49 am, Ronald J. Hall wrote:
> > > So I googled, found the Shorewall install guide and faqs, searched the
> > > Mandrake archives, and posted a query to the newbie and expert list. A
> > > couple of people have been trying to help there.
> >
> > Stupid suggestion --
> >
> > a) Go to the Shorewall home page.
> > b) At the top, you will see a "Search" form.
> > c) Enter NFS in the form and click "Search"
> >
> > The second hit is quite relevant.
> >
> > If the set of rules that you find there don't work (and of course you
> > should be looking at the Shorewall log to see what traffic is still getting
> > blocked), then I suggest opening ALL UDP traffic from the client systems to
> > the server in addition to TCP port 111.
> >
> Oh -- and you should heed the warning on the Shorewall home page regarding 
> Mandrake's "Internet Connection Sharing"; Mandrake apparently doesn't want 
> you to be able to use my documentation directly so they have decided:
> a) To call the local zone 'masq'; and
> b) To leave an empty zone called 'loc' so that any rules that you add for 
> 'loc' will not produce errors but will simply be ignored.
> -Tom

Wow, just saw this.  Thanks for the information!

However, if that is true, would not the following rule NOT work?

DNAT    net     loc:        udp     5121    -       -

I still need to check out the full range of documentation concerning
this, but I did make some changes to the policy file before the above
started working:

loc     net     ACCEPT
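
The failure mode Tom describes above (a zone that is declared but has nothing in it, so rules naming it load without error and match nothing) can be checked for mechanically. The following is an added example, not code from this thread or from Shorewall: the file contents are constructed samples in the column layout of the zones, interfaces, hosts, rules and policy files, the address 192.168.1.10 is a constructed stand-in, and the function names are hypothetical.

```python
# Constructed sample files (not from the thread); 192.168.1.10 is a stand-in.
ZONES = """#ZONE DISPLAY COMMENTS
net   Net    Internet
masq  Masq   Local network
loc   Local  Declared, no interface
"""
INTERFACES = """#ZONE INTERFACE BROADCAST
net   eth0  detect
masq  eth1  detect
"""
HOSTS = ""  # no zone is populated through the hosts file in this sample
RULES = """#ACTION SOURCE DEST PROTO DEST-PORT
DNAT    net   loc:192.168.1.10  udp  5121
ACCEPT  masq  fw                tcp  111
"""
POLICY = """#SOURCE DEST POLICY
loc  net  ACCEPT
all  all  REJECT
"""

def rows(text):
    """Yield (line_no, columns) for each non-blank, non-comment line."""
    for n, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()
        if cols:
            yield n, cols

def empty_zones(zones, interfaces, hosts):
    """Zones declared in 'zones' with no entry in 'interfaces' or 'hosts'."""
    declared = {c[0] for _, c in rows(zones)}
    populated = {c[0] for _, c in rows(interfaces)} | {c[0] for _, c in rows(hosts)}
    return declared - populated

def dead_entries(text, first_col, empty):
    """Entries whose SOURCE or DEST (columns first_col, first_col+1) is an empty zone."""
    hits = []
    for n, cols in rows(text):
        for field in cols[first_col:first_col + 2]:
            zone = field.split(":", 1)[0]  # strip ':address' suffix
            if zone in empty:
                hits.append((n, zone, " ".join(cols)))
    return hits

if __name__ == "__main__":
    empty = empty_zones(ZONES, INTERFACES, HOSTS)
    for name, text, col in (("rules", RULES, 1), ("policy", POLICY, 0)):
        for n, zone, entry in dead_entries(text, col, empty):
            print(f"{name}:{n}: zone '{zone}' has no interfaces or hosts: {entry}")
```

On the sample data this flags both the DNAT rule and the loc-to-net policy line, because 'loc' is declared but only 'net' and 'masq' have interfaces.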


