Iptables script and NFS not working ):

[Killer_Penguin]

So I have a firewall script, visible here: http://poo.foolclan.com/stuff/firewall

I can't seem to get nfs to work for my client with the IP of 192.168.0.3. I don't get any notice of a blocked port or anything, it just doesn' t work. I get rpc timeouts... (see thread in servers).

If somebody could help me debug this beast of a firewall, I would appreciate it.

KP

[Guitarlynn]

the client is LAN side, right? The firewall shouldn't affect it then.
If it is WAN side, you'll have to drop the 192.168./16 subnet
from the RFC/ipspoofing portion. If your LAN side, the problem
is likely in the client user being on the shared (server) machine
user base and in the hosts.allow file. I guess rpc could also be
an issue, but not likely being that you set up the client machine
correctly for sharing.

~Guitarlynn

[boblucci]

KP did you take a look at that how-to i posted a link to in the other thread?

It has a section on iptables and ipchains.

[Killer_Penguin]

*sigh*

What I'm looking for is help with my script. It's a script that I can't get rid of, I just need to make it work for NFS.

All I know is that if I bring the firewall down, I can mount the nfs share. If I put the firewall back up, no go.

[Guitarlynn]

If your using the 192.168.0.3 address off of the WAN side the
RFC private block deny rules are blocking it (ie.... 192.168/16,
172/8, 10./8) The section is about 3/4 of the way down, just
comment the line out. If the server LAN side is running the same
192.168.0/24 subnet, you'll also have to comment out the ip
spoofing rule.

Is this your setup?
Never did get a straight answer to that,
if it's not, the firewall isn't blocking anything.
/var/log/messages would tell you if it is.
~Guitarlynn

[Killer_Penguin]

Well, 192.168.0.3 is on the lan side, and I just looked through the script, that part IS commented out. I KNOW it's the firewall, because I can bring it down and NFS works like a charm. Put it back up and it doesn't.

Maybe I'm just blind, but can you cut an excert from wher eyou think I need to comment out?

[boblucci]

KP , did you ever get this working?

[Killer_Penguin]

Nope, I've kinda given up on it for now... I'm setting up a sparc 20 to be my NIS+ server, NFS server, DNS server, and homedirectory server. It's not going to be in the DMZ so I won't have to worry about firewalling it off.

[Vendetta]

maybe you should the author of your script help you out ;D

[Killer_Penguin]

maybe you should the author of your script help you out ;D

Eh, bite me!