Security

On the NFS server, these iptables settings are sufficient to allow contact with the Kerberos Server and the Kerberos Admin Server:

# IFACE is the network interface that faces the Kerberos servers
# KDM is the IP of the Kerberos Server
# KADMIN is the IP of the Kerberos Admin Server
# The NFS server is only a client of both services, so OUTPUT may open new
# connections while INPUT accepts only replies to them (ESTABLISHED).
# Allow Kerberos (both TCP and UDP):
iptables -A INPUT  -i "${IFACE}" -p tcp -s "${KDM}" --sport 88 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o "${IFACE}" -p tcp -d "${KDM}" --dport 88 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT  -i "${IFACE}" -p udp -s "${KDM}" --sport 88 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o "${IFACE}" -p udp -d "${KDM}" --dport 88 -j ACCEPT
# Allow Kadmin:
iptables -A INPUT  -i "${IFACE}" -p tcp -s "${KADMIN}" --sport 749 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o "${IFACE}" -p tcp -d "${KADMIN}" --dport 749 -m state --state NEW,ESTABLISHED -j ACCEPT
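
An added example, not part of the original page: a shell check that reads rules in `iptables -S` format and flags INPUT rules that match on a source port yet accept NEW or stateless traffic, since the reply path for an outbound Kerberos or kadmin client connection only needs ESTABLISHED. The helper name audit_reply_rules, the interface eth0 and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in `iptables -S` format; addresses are documentation
# ranges and eth0 is an assumed interface name, none of it from the page.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -s 192.0.2.10/32 -i eth0 -p tcp -m tcp --sport 88 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -i eth0 -p udp -m udp --sport 88 -j ACCEPT
-A INPUT -s 192.0.2.11/32 -i eth0 -p tcp -m tcp --sport 749 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -s 192.0.2.10/32 -i eth0 -p udp -m udp --sport 88 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 192.0.2.10/32 -o eth0 -p tcp -m tcp --dport 88 -m state --state NEW,ESTABLISHED -j ACCEPT'

# audit_reply_rules (hypothetical helper): reads `iptables -S` lines on stdin
# and prints "REASON<TAB>RULE" for every INPUT ACCEPT rule that matches on a
# source port without being limited to reply traffic. Negated matches
# ("! --state ...") are not interpreted.
audit_reply_rules() {
    while IFS= read -r rule; do
        # Only INPUT rules that accept traffic selected by source port.
        case "$rule" in "-A INPUT "*" --sport "*" -j ACCEPT"*) ;; *) continue ;; esac
        case "$rule" in
            *" --state "*|*" --ctstate "*)
                states=${rule##*state }   # text after the last "state "
                states=${states%% *}      # keep only the comma-separated list
                case ",$states," in
                    *,NEW,*) printf 'ACCEPTS_NEW\t%s\n' "$rule" ;;
                esac ;;
            *)  printf 'NO_STATE_MATCH\t%s\n' "$rule" ;;
        esac
    done
}

# Run against the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_RULES" | audit_reply_rules
```

On a live host the same function can be fed with `iptables -S INPUT | audit_reply_rules`.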