NFS Server + IP Tables
Posted: 2010/11/09 18:58:39
Greetings.
I've managed to get an NFS server to work with IPTables but there's ONE last thing I'd like to adjust if possible.
I'm limiting all NFS traffic to the local network. I have both IPTables and hosts.allow/deny set up so that if you're outside of 192.168.1.0/24 you're not able to connect.
The one thing that I'm not liking is that the only way to get IPTables and the NFS server to be friendly is to disable this default line in iptables:
#-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
I've tried all sorts of rules to allow the ICMP traffic only from the local network, but everything seems to fail unless I disable this rule.
So what I'm hoping to find out is whether or not #-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited is critical, and/or whether there's a way to still use this but override it for local ICMP traffic?
I've googled all morning with no luck. Everything that was suggested failed miserably.
Thanks!
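Added example, not part of the original post: a small first-match evaluator for iptables-save style lines, showing what the final REJECT rule does to NFS helper traffic and what commenting it out changes. The rule sets are constructed; the mountd port 892 and the idea that an unmatched packet returns from RH-Firewall-1-INPUT to an INPUT chain are assumptions to check against the real configuration.

```python
import ipaddress

CHAIN = "RH-Firewall-1-INPUT"
LAN = "192.168.1.0/24"
REJECT = f"-A {CHAIN} -j REJECT --reject-with icmp-host-prohibited"

# Constructed rule set: portmapper (111) and nfsd (2049) accepted from the LAN.
BEFORE = f"""\
-A {CHAIN} -s {LAN} -p tcp -m tcp --dport 111 -j ACCEPT
-A {CHAIN} -s {LAN} -p tcp -m tcp --dport 2049 -j ACCEPT
{REJECT}
"""
# Assumption: mountd pinned to 892 (e.g. MOUNTD_PORT in /etc/sysconfig/nfs),
# with its ACCEPT placed above the catch-all REJECT.
MOUNTD = f"-A {CHAIN} -s {LAN} -p tcp -m tcp --dport 892 -j ACCEPT"
AFTER = BEFORE.replace(REJECT, MOUNTD + "\n" + REJECT)
# The workaround from the post: the REJECT line commented out.
DISABLED = BEFORE.replace(REJECT, "#" + REJECT)

def parse(rules):
    """Return option dicts for active '-A CHAIN' lines; '#' lines are skipped."""
    parsed = []
    for line in rules.splitlines():
        tok = line.split()
        if tok[:2] == ["-A", CHAIN]:
            parsed.append(dict(zip(tok[2::2], tok[3::2])))
    return parsed

def verdict(rules, src, proto, dport):
    """First matching rule wins; no match returns the packet to INPUT."""
    for r in parse(rules):
        if "-s" in r and ipaddress.ip_address(src) not in ipaddress.ip_network(r["-s"]):
            continue
        if "-p" in r and r["-p"] != proto:
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        return r["-j"]
    return "RETURN"  # decided by the calling chain and its policy

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER), ("disabled", DISABLED)):
        for src in ("192.168.1.20", "203.0.113.5"):  # LAN host, outside host
            print(name, src, "tcp/892 ->", verdict(rules, src, "tcp", 892))
```

With the REJECT line disabled, the outside host's packet is no longer rejected in this chain and its fate depends on the INPUT chain's remaining rules and policy.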