[pfSense] NFS through pfSense

Michael Schuh michael.schuh at gmail.com
Sun May 13 16:05:40 EDT 2012


2012/5/13 Ian Levesque <ian at crystal.harvard.edu>

>
> On May 13, 2012, at 12:38 PM, William D. Armstrong - BSSN wrote:
>
> > I use this for access a nfs solaris 11 from another interface.
> >                      DMZ                         LAN
> > TCP/UDP       172.16.42.10    *       10.0.1.138      111     *
> qACK/qOthersHigh                WWW
> > -> SUN Remote Procedure Call
> > TCP/UDP       172.16.42.10    *       10.0.1.138      1110    *
> qACK/qOthersHigh
> >       WWW -> Cluster status info
> > TCP/UDP       172.16.42.10    *       10.0.1.138      2049    *
> qACK/qOthersHigh
> >       WWW -> NFS server daemon
> > TCP/UDP       172.16.42.10    *       10.0.1.138      4045    *
> qACK/qOthersHigh
> >       WWW -> NFS lock daemon manager
>
> That's NFSv4, which is certainly much easier to firewall (that was part of
> their design decision). Prior version of NFS required use of the
> portmapper, which is what makes all of this complicated. I know that at my
> work, our central NAS appliance simply didn't have the feature of
> specifying static ports for NFSv3 portmapper interactions. So we had to
> allow based on IP addresses.
>
> ~irl
> _______________________________________________
> List mailing list
> List at lists.pfsense.org
> http://lists.pfsense.org/mailman/listinfo/list
>

*bump*
i thought the whole time he would know about:

cat /etc/services| egrep "^.*(rpc.*|portmap|nfs).*$"
sunrpc 111/tcp portmapper # RPC 4.0 portmapper
sunrpc 111/udp portmapper
rpc2portmap 369/tcp
rpc2portmap 369/udp # Coda portmapper
courier 530/tcp rpc
nfs 2049/tcp # Network File System
nfs 2049/udp # Network File System

and aks for something else....rofl
sorry my bad, but i think it got a funny solution
(of course with more overhead and more possible error sources - everything
has his price)

-- 
= = =  http://michael-schuh.net/  = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil:  0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o m

= = =  Ust-ID:  DE251072318  = = =
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pfsense.org/pipermail/list/attachments/20120513/eea2b4e6/attachment.html>


More information about the List mailing list