Firewall Configuration Red Hat Enterprise Linux 4

Add Date: 2017-04-13

Version: Red Hat Enterprise Linux 4

Symptom:

NFS relies on portmap to assign the ports its services listen on. These ports are allocated dynamically, so they change every time NFS restarts. That makes it difficult to run an NFS server behind a firewall that only permits access to designated ports.

Solution:

The first step is to assign a permanent port number to each NFS helper service (rquotad, mountd, statd, and lockd). They can use any unused port above 1024, so first check the /etc/services file to find a range of ports that is not already assigned. The following example uses 10000-10005.

Most of these ports are configured in the /etc/sysconfig/nfs file. Create it if it does not exist. It looks like this:

    # NFS port numbers
    STATD_PORT=10002
    STATD_OUTGOING_PORT=10003
    MOUNTD_PORT=10004
    RQUOTAD_PORT=10005

lockd is configured differently from the other services because it is a kernel module. To set the ports lockd uses, add these options to the /etc/sysconfig/nfs file:

    LOCKD_UDPPORT=30001
    LOCKD_TCPPORT=30001

Here "30001" can be replaced with any available port that can be allocated for this use.

After making these configuration changes and restarting NFS, use the command rpcinfo -p <hostname> to view the port allocation:

    # rpcinfo -p localhost
       program vers proto   port
        100000    2   tcp    111  portmapper
        100000    2   udp    111  portmapper
        100021    1   udp  10001  nlockmgr
        100021    3   udp  10001  nlockmgr
        100021    4   udp  10001  nlockmgr
        100021    1   tcp  10000  nlockmgr
        100021    3   tcp  10000  nlockmgr
        100021    4   tcp  10000  nlockmgr
        100024    1   udp  10002  status
        100024    1   tcp  10002  status
        100011    1   udp  10005  rquotad
        100011    2   udp  10005  rquotad
        100011    1   tcp  10005  rquotad
        100011    2   tcp  10005  rquotad
        100003    2   udp   2049  nfs
        100003    3   udp   2049  nfs
        100003    4   udp   2049  nfs
        100003    2   tcp   2049  nfs
        100003    3   tcp   2049  nfs
        100003    4   tcp   2049  nfs
        100005    1   udp  10004  mountd
        100005    1   tcp  10004  mountd
        100005    2   udp  10004  mountd
        100005    2   tcp  10004  mountd
        100005    3   udp  10004  mountd
        100005    3   tcp  10004  mountd

The ports are now retained across NFS restarts. Below is the list of ports that need to be opened on the firewall:

* 111: portmap (tcp/udp)
* 2049: nfs (tcp/udp)
* 10000: lockd (tcp) in this example
* 10001: lockd (udp) in this example
* 10002: statd/status (tcp/udp) in this example
* 10003: statd/status outgoing (tcp/udp) in this example
* 10004: mountd (tcp/udp) in this example
* 10005: rquotad (tcp/udp) in this example

You can now open these ports on the firewall so that remote clients can mount the shares exported by the server. If you use iptables, the following commands add INPUT and OUTPUT rules that allow access to these ports. Note that this is only an example; your firewall rules may differ:

    # iptables -A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
    # iptables -A INPUT -p udp -m udp --dport 111 -j ACCEPT
    # iptables -A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
    # iptables -A INPUT -p udp -m udp --dport 2049 -j ACCEPT
    # iptables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
    # iptables -A INPUT -p udp -m udp --dport 10001 -j ACCEPT
    # iptables -A INPUT -p tcp -m tcp --dport 10002:10005 -j ACCEPT
    # iptables -A INPUT -p udp -m udp --dport 10002:10005 -j ACCEPT
    # iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
    # iptables -A OUTPUT -p tcp -m tcp --dport 111 -j ACCEPT
    # iptables -A OUTPUT -p udp -m udp --dport 111 -j ACCEPT
    # iptables -A OUTPUT -p tcp -m tcp --dport 2049 -j ACCEPT
    # iptables -A OUTPUT -p udp -m udp --dport 2049 -j ACCEPT
    # iptables -A OUTPUT -p tcp -m tcp --dport 10000 -j ACCEPT
    # iptables -A OUTPUT -p udp -m udp --dport 10001 -j ACCEPT
    # iptables -A OUTPUT -p tcp -m tcp --dport 10002:10005 -j ACCEPT
    # iptables -A OUTPUT -p udp -m udp --dport 10002:10005 -j ACCEPT
    # iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    # iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable

Note: a mount request that does not specify the tcp option will default to udp.
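The article pins the helper ports and then opens them, but it never checks that the pinned values actually took effect before the firewall rules are written. The script below is an added example, not part of the original article or of Red Hat's own tooling. It reads a constructed stand-in for /etc/sysconfig/nfs and a constructed excerpt of rpcinfo -p output (both embedded inline and modelled on the listings above; lockd is set to 10000/10001 to match the rpcinfo listing rather than the 30001 placeholder), reports any service whose registered port differs from its pinned value, and then derives the INPUT rule set from the verified ports. Unlike the rules above, it restricts the accepts to an assumed client subnet (192.0.2.0/24, a documentation range chosen here) so that only NFS clients reach portmap and the helpers; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article). Two checks a defender wants
# after pinning NFS ports: (1) confirm rpcinfo shows every helper service on
# the port set in /etc/sysconfig/nfs, and (2) derive the iptables rule set from
# those verified ports, restricted to the NFS client subnet. All inputs below
# are constructed inline so the script runs offline.

# Constructed stand-in for /etc/sysconfig/nfs. Lockd uses 10000/10001 here to
# match the rpcinfo listing in the article (the article's 30001 is a placeholder).
SYSCONFIG_NFS='# NFS port numbers
STATD_PORT=10002
STATD_OUTGOING_PORT=10003
MOUNTD_PORT=10004
RQUOTAD_PORT=10005
LOCKD_UDPPORT=10001
LOCKD_TCPPORT=10000'

# Constructed excerpt of "rpcinfo -p localhost" output: program vers proto port service.
RPCINFO_OUT='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100021    1   udp  10001  nlockmgr
    100021    3   udp  10001  nlockmgr
    100021    4   udp  10001  nlockmgr
    100021    4   tcp  10000  nlockmgr
    100024    1   udp  10002  status
    100024    1   tcp  10002  status
    100011    1   udp  10005  rquotad
    100011    2   tcp  10005  rquotad
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    3   udp  10004  mountd
    100005    3   tcp  10004  mountd'

# sysconfig_value VAR CONFIG_TEXT: print the numeric value assigned to VAR (empty if unset).
sysconfig_value() {
    printf '%s\n' "$2" | sed -n "s/^$1=\([0-9]*\).*/\1/p" | head -n 1
}

# rpc_port SERVICE PROTO RPCINFO_TEXT: print each distinct port SERVICE registers on PROTO.
# Several program versions share one port, hence sort -u.
rpc_port() {
    printf '%s\n' "$3" | awk -v svc="$1" -v proto="$2" \
        '$5 == svc && $3 == proto { print $4 }' | sort -u
}

# check_pinned_ports [CONFIG_TEXT] [RPCINFO_TEXT]: compare the registered port of
# each helper service with its pinned value. Prints one OK/MISMATCH line per
# service/protocol and returns 1 if anything does not match.
check_pinned_ports() {
    cfg=${1:-$SYSCONFIG_NFS}
    rpc=${2:-$RPCINFO_OUT}
    rc=0
    for spec in \
        "nlockmgr tcp LOCKD_TCPPORT" "nlockmgr udp LOCKD_UDPPORT" \
        "status tcp STATD_PORT"     "status udp STATD_PORT" \
        "mountd tcp MOUNTD_PORT"    "mountd udp MOUNTD_PORT" \
        "rquotad tcp RQUOTAD_PORT"  "rquotad udp RQUOTAD_PORT"
    do
        set -- $spec
        want=$(sysconfig_value "$3" "$cfg")
        got=$(rpc_port "$1" "$2" "$rpc")
        if [ -n "$want" ] && [ "$got" = "$want" ]; then
            printf 'OK %s/%s %s\n' "$1" "$2" "$got"
        else
            printf 'MISMATCH %s/%s pinned=%s registered=%s\n' \
                "$1" "$2" "${want:-unset}" "${got:-none}"
            rc=1
        fi
    done
    return $rc
}

# nfs_firewall_rules CLIENT_CIDR: print iptables INPUT rules accepting the fixed
# NFS ports only from CLIENT_CIDR (assumed client subnet), then a final REJECT.
nfs_firewall_rules() {
    cidr=$1
    # portmapper and nfsd have fixed ports; helper ports come from rpcinfo.
    for entry in "tcp 111" "udp 111" "tcp 2049" "udp 2049"; do
        set -- $entry
        printf 'iptables -A INPUT -s %s -p %s -m %s --dport %s -j ACCEPT\n' "$cidr" "$1" "$1" "$2"
    done
    for svc in nlockmgr status mountd rquotad; do
        for proto in tcp udp; do
            for port in $(rpc_port "$svc" "$proto" "$RPCINFO_OUT"); do
                printf 'iptables -A INPUT -s %s -p %s -m %s --dport %s -j ACCEPT   # %s\n' \
                    "$cidr" "$proto" "$proto" "$port" "$svc"
            done
        done
    done
    printf 'iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n'
    printf 'iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable\n'
}

# Stand-alone run: report the port check, then print rules for the assumed client subnet.
check_pinned_ports || echo "WARNING: pinned ports differ from rpcinfo; fix before opening the firewall"
nfs_firewall_rules 192.0.2.0/24
```

On a real RHEL 4 host you would replace the two embedded strings with `cat /etc/sysconfig/nfs` and `rpcinfo -p localhost`, run the check once more after a reboot, and only then load the printed rules. A MISMATCH line usually means the variable name in /etc/sysconfig/nfs is misspelled or the service was not restarted, and opening the range anyway would leave a hole for whatever portmap assigned instead.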
  CopyRight 2002-2016 newfreesoft.com, All Rights Reserved.