NFS question..

Mark Street jet at
Wed Aug 21 10:51:39 PDT 2002

Emphasis on: NFS filesystems should not be exported to nonlocal 
machines......  That being said.

punch holes in firewall TCP and UDP 2049, TCP and UDP 111, yikes!!!


tcpwrap portmap in /etc/hosts.deny

in.portmap : ALL !

on the client end mount command

mount -o rw,hard,intr,bg,tcp 321.321.321.321:/pac

See how long it takes before you get portscanned on 111...... log them with 
portsentry or your firewall....

Just because you can, does not mean you should......

At 08:03 PM 8/20/2002 -0700, ME wrote:
>Knowing ahead of time, NFS does not stand for "Network File System" like
>many would have you believe, it is actually, "No Frickin' Security"; such
>is the case with many services over UDP. (TCP based NFS may add some
>security with NFSv3/TCP, but.... *sigh*)
>You probably want the "insecure" option for nfs which allows clients to
>bind from ports > 1024.

Mark Street
Chiropractor and RHCE
Validation Cert # 807302251406074
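
Added example, not part of the original message: a small audit of /etc/exports entries for the two risks raised above, exports reachable by non-local clients and the "insecure" option. The sample exports file, its paths and hosts, the issue codes, and the definition of "local" (IPv4 private, loopback and link-local ranges) are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample /etc/exports content, not taken from the original post.
SAMPLE_EXPORTS = """\
# path      client(options)
/srv/pub    192.168.10.0/24(ro,sync)
/srv/home   10.0.0.5(rw,sync) *(ro)
/srv/data   203.0.113.40(rw,insecure)
/srv/build  buildhost.example.org(rw)
"""

# Assumption: "local" means IPv4 private, loopback or link-local space.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
SPEC_RE = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")

def classify_client(client):
    """Return an issue code for one client field, or None if it is local."""
    if client in ("", "*"):
        return "any-host"            # bare "(opts)" or "*" matches everyone
    try:
        net = ipaddress.ip_network(client, strict=False)
    except ValueError:
        return "unverified-name"     # hostname, wildcard or @netgroup
    if net.version == 4 and any(net.subnet_of(l) for l in LOCAL_NETS):
        return None
    return "non-local"

def audit_exports(text):
    """Return (line, path, client, issue) tuples; continuations not handled."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or [""]:   # no client listed: exported to all
            m = SPEC_RE.fullmatch(spec)
            if not m:
                findings.append((lineno, path, spec, "unparsable"))
                continue
            client, opts = m.group(1) or "*", (m.group(2) or "").split(",")
            issue = classify_client(client)
            if issue:
                findings.append((lineno, path, client, issue))
            if "insecure" in opts:   # requests from ports above 1023 accepted
                findings.append((lineno, path, client, "insecure-option"))
    return findings

if __name__ == "__main__":
    for f in audit_exports(SAMPLE_EXPORTS):
        print("line %d: %s -> %s: %s" % f)
```

Entries reported as "unverified-name" are hostnames, wildcards or netgroups that the script cannot resolve offline; check by hand that they cover local machines only.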
