- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: UNIX NFS discussion
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-06-2009 03:04 AM
тАО06-06-2009 03:04 AM
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-06-2009 03:13 AM
тАО06-06-2009 03:13 AM
SolutionPlease check the link
http://www.windowsecurity.com/whitepapers/HP_Unix_Security_Handbook.html#3.1
thanks and regards
Sajjad Sahir
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-06-2009 08:25 AM
тАО06-06-2009 08:25 AM
Re: UNIX NFS discussion
in the post above, refer to the section 5.4 "Services", specifically "Objective 4.4.12" where it talks about configuring /etc/exports, permissions and priviledges.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-07-2009 07:52 PM - last edited on тАО06-18-2021 03:56 AM by Ramya_Heera
тАО06-07-2009 07:52 PM - last edited on тАО06-18-2021 03:56 AM by Ramya_Heera
Re: UNIX NFS discussion
HP-UX 11i v3 introduced Secure NFS where you can configure different levels of security on a per-filesystem basis. You can require Kerberos authentication before accessing data, checksum the data on both ends of the connection to ensure the data has not been tampered with, or completely encrypt the data on the wire so anyone sniffing packets cannot see any data.
The NFS Admin guide for 11i v3 describes how to configure this. I'm also going to be posting a technical paper on Secure NFS in the next week or so to docs.hp.com.
Regards,
Dave
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-07-2009 08:12 PM
тАО06-07-2009 08:12 PM
Re: UNIX NFS discussion
Is it possible to share it now? because needed urgently.
Dharma
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2009 05:59 AM
тАО06-08-2009 05:59 AM
Re: UNIX NFS discussion
does it even apply to your situation, as you have yet to mention OS version and Secure NFS applies to 11iv3 only?
Did you look at the referenced Admin Guide? If not, its here:
http://docs.hp.com/en/B1031-90064/index.html
Or the previously noted sites / docs? Does any of the above meet your (as yet undefined) requests? If not, then (again) what "insecure....details" are you attempting to "secure"?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2009 08:49 AM
тАО06-08-2009 08:49 AM
Re: UNIX NFS discussion
(* Wild Guess to what you want *) Can NFS it be used in a DMZ or go through a firewall? No. NFS uses different ports dynamically. For a DMZ or Firewall the assignments would have to be static.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2009 08:56 AM
тАО06-08-2009 08:56 AM
Re: UNIX NFS discussion
I can't tell if he want's Secure NFS (vs NFS) or if he's looking at what permissions should be on files (like /etc/exports) or ?? and he doesn't seem to want to explain WHAT it is he wants to do. He just keeps asking questions w/o answering any
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2009 08:57 AM
тАО06-08-2009 08:57 AM
Re: UNIX NFS discussion
> it be used in a DMZ or go through a
> firewall? No. NFS uses different ports
> dynamically. For a DMZ or Firewall the
> assignments would have to be static.
I have many customers using NFS through a firewall. When you say NFS uses different ports dynamically I assume you're referring to the server side daemons like rpc.lockd, rpc.statd, rpc.mountd. Portmapper has always used port 111 and NFS always uses port 2049. So it's these other services that use dynamic ports.
We introduced the ability to assign static port numbers to these daemons a few years ago. This feature is available for HP-UX 11i v1/v2/v3. It allows you to force rpc.lockd to always use port 4045 (for example) rpc.statd to always use 4046 and rpc.mountd to always use 4047 - or whatever port numbers you choose. It's then pretty straight forward to configure the firewall to allow connections to these daemons.
Also, 11i v3 introduced NFS v4. There is no longer a separate MOUNT or LOCK protocol for NFS v4, so all requests go to port 2049. That makes configuring an NFS v4 server behind a firewall pretty easy.
As most people here have said, I don't know if this is what DharmaRao is asking about, but I hope this information helps others.
Regards,
Dave
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-08-2009 08:59 AM
тАО06-08-2009 08:59 AM