[TriLUG] iptables again...

Jon Carnes jonc at nc.rr.com
Sun Apr 3 16:46:20 EDT 2005 

I've done this for folks before using NFS... and it's not pretty.  

Basically you have to open up all upper ports for UDP (and probably TCP)
between the two unix boxen. 

If you are the paranoid type, you can setup a VPN between the two boxes
first, and then setup the NFS to run across the private addresses used
by the VPN.

Here is an old help text I wrote for dong NFS, NIS, and automounting: 
  http://www.trilug.org/~jonc/nfs/nfs_nis_automount.txt

It's helpful and I guarantee you will be able to get NFS working by
following the step-by-step instructions :-)

Jon Carnes 

On Fri, 2005-04-01 at 10:56, dsandif wrote:
> Hi all,  any iptables experts out  there?
> 
> I want to poke a hole in a linux box to allow it to see and access other 
> computers and mount their drives\volumes and vice-vesra.
> 
> Essentially, from my RHWS and fedora boxes, I would like to beable to 
> access and mount drives\volumes of the following three computers through 
> iptables;
> 
> Apple = 192.123.0.1 drive\volume: fritters
> Pear = 192.123.0.4 drive\volume: schnapps
> kiwi = 192.123.0.8 drive\volume: pies
> 
> How do I do this?, what files do I need to edit? , and what are the proper
> firewall rules I need to input to make this possible?
> 
> 
> I looked around the forum here and on line and I think that this might 
> be an example:
> ****like, for example, if you wanna allow those IPs to connect to a web 
> server on your box:
> code:
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A INPUT -p TCP -i eth1 -s 192.168.0.1 --dport 80 -m state 
> --state NEW -j ACCEPT
> iptables -A INPUT -p TCP -i eth1 -s 192.168.0.2 --dport 80 -m state 
> --state NEW -j ACCEPT
> iptables -A INPUT -p TCP -i eth1 -s 192.168.0.3 --dport 80 -m state 
> --state NEW -j ACCEPT
> iptables -A INPUT -p TCP -i eth1 -s 192.168.0.4 --dport 80 -m state 
> --state NEW -j ACCEPT
> ****
> 
> I think I'm on the right track but I'm not sure. Thxs.
> 
> I need to be able to do this first without relying on a gui like 
> firestarter, thxs.
> 
>

More information about the TriLUG mailing list