
nfs mount thru firewall

 
Jacques Carriere
Regular Advisor

nfs mount thru firewall

Is this possible?
Steven E. Protter
Exalted Contributor
Solution

Re: nfs mount thru firewall

Shalom,

Yes but very difficult.

NFS v3, the latest version available for HP-UX 11.11, requires that ports in a random range are open on the firewall. This requires opening up ports that admins won't open up normally unless there is a very good reason.

Note also that NFS v3 has an unencrypted data stream which means anybody can read your data.

If your server is HP-UX 11.23 with NFS Version 4 or Linux with standard NFS (also v4), it is possible to configure portmapping to a limited number of ports and maintain security and not drive the firewall admins nuts.

It is also possible to encrypt the data stream under those circumstances.

Summary, however: on a practical level, for security reasons, it's almost always a bad idea that network admins fight.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
perumal_2
Frequent Advisor

Re: nfs mount thru firewall

Hi

Yes, it is possible if you have NFSv4. Up to NFSv3 it uses RPC, where it is not strictly bound to any port, and it was absolutely impossible to connect through a firewall. With NFSv4 there is a specific port mapped and it is possible to use it across the internet; hence it is possible through NFSv4.
Please refer to the URL below:
http://www.vanemery.com/Linux/NFSv4/NFSv4-no-rpcsec.html#firewall
A detailed explanation of the configuration in a Fedora environment.

TQ
Perumal
Ralph Grothe
Honored Contributor

Re: nfs mount thru firewall

Setting up a filter ruleset for NFS can be quite tricky, I would assume, due to the portmapping issue.
I remember once having read something about that in one of the Howtos of the Linux Documentation Project.
Maybe at least it could provide you some hints if you looked here

http://tldp.org/HOWTO/NFS-HOWTO/security.html


Besides, some came up with the so-called Self-certifying File System (SFS).
Maybe this could be an alternative to classic NFS in a hostile network?

http://www.fs.net/sfswww/
Madness, thy name is system administration
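
The portmapping issue raised in the replies above can be made concrete by listing what a server has registered with the portmapper. The script below is an added example, not something posted by anyone in this thread: it parses `rpcinfo -p` output and separates the well-known ports (111, 2049) from the ones a firewall admin cannot predict. The sample output and the function names are constructed, and "dynamic" here assumes the daemons have not been pinned to fixed ports.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p <server>` output for an NFSv3 server.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp  49231  mountd
    100005    3   udp  49231  mountd
    100005    3   tcp  49232  mountd
    100021    4   udp  49876  nlockmgr
    100024    1   udp  49601  status
EOF
}

# Reads `rpcinfo -p` output on stdin and prints one line per unique
# proto/port used by the NFS-related RPC programs:
#   <proto> <port> <service> <fixed|dynamic>
# "fixed"   = well-known port (111 portmapper, 2049 nfs)
# "dynamic" = port handed out at daemon start unless the admin pinned it
nfs_firewall_ports() {
  awk '
    $1 == "program" { next }                      # skip the header line
    $1 == 100000 || $1 == 100003 || $1 == 100005 ||
    $1 == 100011 || $1 == 100021 || $1 == 100024 {
      key = $3 "/" $4
      if (seen[key]++) next                       # one rule per proto/port
      kind = ($4 == 111 || $4 == 2049) ? "fixed" : "dynamic"
      print $3, $4, $5, kind
    }'
}

# Number of ports a static firewall rule cannot name in advance.
dynamic_count() {
  nfs_firewall_ports | awk '$4 == "dynamic" { n++ } END { print n + 0 }'
}

# Against a live server: rpcinfo -p <server> | nfs_firewall_ports
sample_rpcinfo | nfs_firewall_ports
```

A result of zero from `dynamic_count` means the registered NFS services sit only on the well-known ports, which is the situation the NFSv4 replies describe.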
Jacques Carriere
Regular Advisor

Re: nfs mount thru firewall

thanks guys and have a great day.

points were assigned.

Jacques