NFS sharing and firewall

Sunday 31 May 2015

Following this thread => http://ift.tt/1HmKaoc … 30#p123030

Changes to make to NFS (to be verified)
command


nano /etc/default/nfs-kernel-server
 

output


# Number of servers to start up
RPCNFSDCOUNT=8

# Runtime priority of server (see nice(1))
RPCNFSDPRIORITY=0

# Options for rpc.mountd.
# If you have a port-based firewall, you might want to set up
# a fixed port here using the --port option. For more information,
# see rpc.mountd(8) or http://ift.tt/PMIzgO
# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
#RPCMOUNTDOPTS="--manage-gids"
RPCMOUNTDOPTS="--manage-gids --port 2048"

# Do you want to start the svcgssd daemon? It is only required for Kerberos
# exports. Valid alternatives are "yes" and "no"; the default is "no".
NEED_SVCGSSD=""

# Options for rpc.svcgssd.
RPCSVCGSSDOPTS=""
 

command


nano /etc/default/nfs-common
 

output


# If you do not set values for the NEED_ options, they will be attempted
# autodetected; this should be sufficient for most people. Valid alternatives
# for the NEED_ options are "yes" and "no".

# Do you want to start the statd daemon? It is not needed for NFSv4.
NEED_STATD=

# Options for rpc.statd.
#   Should rpc.statd listen on a specific port? This is especially useful
#   when you have a port-based firewall. To use a fixed port, set this
#   this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
#   For more information, see rpc.statd(8) or http://ift.tt/1eJD8R8
#STATDOPTS=
STATDOPTS="--port 2046 --outgoing-port 2047"

# Do you want to start the idmapd daemon? It is only needed for NFSv4.
NEED_IDMAPD=

# Do you want to start the gssd daemon? It is required for Kerberos mounts.
NEED_GSSD=
 

command


nano /etc/modprobe.d/lockd
 

output


options lockd nlm_udpport=2045 nlm_tcpport=2045
 

rpc.mountd uses port 2048
rpc.statd listens on port 2046 and uses port 2047 for outgoing connections

The ports to watch are 111 and 2045 to 2049 (UDP and TCP).

A firewall rule still has to be created (server and client); as for limiting sniffing and spoofing, I don't know, hmm
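Before writing the firewall rule, it helps to confirm that the RPC services really registered on the pinned ports. The following is an added example, not part of the original post: it parses `rpcinfo -p` output, and the function names and the sample listing are constructed for illustration.

```shell
# Pinned ports from the settings on this page; 111 (portmapper) and
# 2049 (nfs) are the standard defaults.
EXPECTED="portmapper=111 nlockmgr=2045 status=2046 mountd=2048 nfs=2049"

# Reads `rpcinfo -p` output on stdin. Prints one line per problem and
# returns 1 if a service is off its pinned port, missing, or if any other
# registration sits on a port outside the pinned set.
check_rpc_ports() {
    awk -v expected="$EXPECTED" '
    BEGIN {
        bad = 0
        n = split(expected, pairs, " ")
        for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2]; ok[kv[2]] = 1 }
    }
    # Data lines: program vers proto port [service]
    $1 ~ /^[0-9]+$/ && NF >= 4 {
        name = (NF >= 5) ? $5 : ("prog" $1)
        seen[name] = 1
        if ((name in want) && $4 != want[name]) {
            printf "MISMATCH %s %s/%s want %s\n", name, $4, $3, want[name]; bad = 1
        } else if (!(name in want) && !($4 in ok)) {
            printf "UNEXPECTED %s %s/%s\n", name, $4, $3; bad = 1
        }
    }
    END {
        for (s in want) if (!(s in seen)) { print "MISSING " s; bad = 1 }
        exit bad
    }'
}

# Constructed sample of `rpcinfo -p` output with every service pinned.
sample_good() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100024    1   udp   2046  status
    100024    1   tcp   2046  status
    100021    4   tcp   2045  nlockmgr
    100003    3   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100005    3   udp   2048  mountd
    100005    3   tcp   2048  mountd
EOF
}
# Constructed failure case: mountd came up without its --port option.
sample_bad() { sample_good | sed 's/2048/45123/'; }

sample_good | check_rpc_ports && echo "good sample: all services on pinned ports"
sample_bad | check_rpc_ports || echo "bad sample: fix the daemon options before opening the firewall"
```

On the server itself, run `rpcinfo -p | check_rpc_ports` after restarting the NFS services.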


