I am setting up an FDDI-Ethernet network and further partitioning
that network using access lists on a cisco. The plan is to have one
host as a file server on a subnet and one "secure" network that can
only access the file server via NFS and only access two other hosts
on the rest of the net. It would look something like
this:
      219 Subnet (Secure)
   |------------------|
            |
            |                  _
            |                   |
   |------------------|         |  6 Subnet
   |                  |         |  (File Server)
   |      Cisco       |---------|
   |                  |         |
   |------------------|         |
            |                   |
            |                  -
            |
            |
   |------------------|
      201 Subnet (2 Others)
So, just setting up the access lists on the 219 interface, I have:
!
! allow 2 others to access secure host
access-list 101 permit ip 152.80.201.202 0.0.0.0 152.80.219.201 0.0.0.0
access-list 101 permit ip 152.80.201.204 0.0.0.0 152.80.219.201 0.0.0.0
!
! allow server to provide NFS to secure host
access-list 101 permit udp 152.80.6.201 0.0.0.0 152.80.219.201 0.0.0.0 eq 2049
where:
152.80.201.202 host 1
152.80.201.204 host 2
152.80.6.201 fileserver
152.80.219.201 secure host
This allows host 1 and host 2 to connect to the secure host, but NFS doesn't
work. It does work when I allow all udp traffic (i.e., remove the
eq 2049). The fileserver is a Sun SS 10 running SunOS 4.1.3 and the
"secure" host is another SS 10 running 4.1.3. Which additional ports do
I need to specify to get *just* NFS to work? I'm sure someone has
done this before....
--
Jeff Pack, Grumman Data Systems jpack@fnoc.navy.mil
Fleet Numerical Meteorology and Oceanography Center Phone: (408) 656-4647
7 Grace Hopper Ave, Stop 1 FAX: (408) 656-4648
Monterey, CA 93943-5501