NFS Firewall

Rumi, September 9, 2015

Dynamic ports cannot be protected by port-filtering firewalls such as iptables, so first configure the NFS services to use fixed ports. Open /etc/sysconfig/nfs:

    # vi /etc/sysconfig/nfs

Modify the following directives, setting each one to an unused TCP/UDP port:

    # TCP port rpc.lockd should listen on.
    LOCKD_TCPPORT=lockd-port-number
    # UDP port rpc.lockd should listen on.
    LOCKD_UDPPORT=lockd-port-number
    # Port rpc.mountd should listen on.
    MOUNTD_PORT=mountd-port-number
    # Port rquotad should listen on.
    RQUOTAD_PORT=rquotad-port-number
    # Port rpc.statd should listen on.
    STATD_PORT=statd-port-number
    # Outgoing port statd should use. The default port is random.
    STATD_OUTGOING_PORT=statd-outgoing-port-number

Here is a sample listing from one of my production NFS servers:

    LOCKD_TCPPORT=32803
    LOCKD_UDPPORT=32769
    MOUNTD_PORT=892
    RQUOTAD_PORT=875
    STATD_PORT=662
    STATD_OUTGOING_PORT=2020

Save and close the file. Restart the NFS and portmap services:

    # service portmap restart
    # service nfs restart
    # service rpcsvcgssd restart

Update the /etc/sysconfig/iptables file

Open /etc/sysconfig/iptables:

    # vi /etc/sysconfig/iptables

Add the following lines, ensuring that they appear before the final LOG and DROP lines for the RH-Firewall-

    -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 111 -j ACCEPT
    -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 111 -j ACCEPT
    -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 2049 -j ACCEPT
    -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 32803 -j ACCEPT
    -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 32769 -j ACCEPT
    -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 892 -j ACCEPT
    -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 892 -j ACCEPT
    -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 875 -j ACCEPT
    -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 875 -j ACCEPT
    -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 662 -j ACCEPT
    -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 662 -j ACCEPT

Restart iptables to apply the rules:

    # service iptables restart
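A consistency check for the two files edited above, added here as an example and not part of the original post: it lists every fixed NFS port from a sysconfig-style file that has no inbound ACCEPT rule in an iptables rules file. The function names and the sample data are constructed for illustration; the protocol mapping follows the rules shown in the post.

```shell
#!/bin/sh
# Added example: list NFS ports fixed in a sysconfig-style file that have no
# matching ACCEPT rule in an iptables rules file.

# Print the "proto port" pairs the firewall must accept for the given config.
expected_nfs_ports() {
    # Ports that are fixed already: portmapper (111) and nfsd (2049).
    printf 'tcp 111\nudp 111\ntcp 2049\n'
    # Drop comments and whitespace, then map each directive to its protocols.
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | while IFS='=' read -r key port; do
        case $port in ''|*[!0-9]*) continue ;; esac  # unset or placeholder value
        case $key in
            LOCKD_TCPPORT) echo "tcp $port" ;;
            LOCKD_UDPPORT) echo "udp $port" ;;
            MOUNTD_PORT|RQUOTAD_PORT|STATD_PORT) printf 'tcp %s\nudp %s\n' "$port" "$port" ;;
            # STATD_OUTGOING_PORT is a source port, so it needs no inbound rule.
        esac
    done
}

# Print every expected pair that lacks a "-p proto --dport port -j ACCEPT" rule.
missing_nfs_rules() {
    expected_nfs_ports "$1" | while read -r proto port; do
        grep -Eq "^-A .* -p $proto .*--dport $port -j ACCEPT[[:space:]]*\$" "$2" ||
            echo "$proto $port"
    done
}

# Constructed sample input: the post's port values, with the udp 892 rule left out.
write_sample() {
    printf '%s\n' '# constructed sample' 'LOCKD_TCPPORT=32803' 'LOCKD_UDPPORT=32769' \
        'MOUNTD_PORT=892' 'RQUOTAD_PORT=875' 'STATD_PORT=662' \
        'STATD_OUTGOING_PORT=2020' > "$1/nfs"
    for r in 'udp 111' 'tcp 111' 'tcp 2049' 'tcp 32803' 'udp 32769' 'tcp 892' \
             'tcp 875' 'udp 875' 'tcp 662' 'udp 662'; do
        echo "-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p ${r% *} --dport ${r#* } -j ACCEPT"
    done > "$1/iptables"
}

tmp=$(mktemp -d)
write_sample "$tmp"
missing_nfs_rules "$tmp/nfs" "$tmp/iptables"   # prints: udp 892
rm -rf "$tmp"
```

Empty output from missing_nfs_rules means every fixed port in the config file has an inbound rule.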