hr (Damir Rajnovic) writes:
# Well, here is another little question of mine and please do not laugh or
# et least do not laugh aloud.
# If I understod correctly following lines will disable all mount attempts
# form any host on outside network and enable all other kind of packet:
# acces-list 101 deny 0.0.0.0 255.255.255.255 X.X.X.0 0.0.0.255 eq 2049
# acces-list 101 permit 0.0.0.0 255.255.255.255 X.X.X.0 0.0.0.255
# Am I right? I have Cisco IGS.
No, sorry. NFS is an RPC-based service. RPC-based services, by their
nature, might end up on any random UDP port. NFS seems to
consistently get 2049, at least on SunOS 4.x machines; this may be due
to NFS's special status in relationship to the kernel. I wouldn't
want to _count_ on _all_ NFS servers _always_ getting port 2049,
however; there's nothing about the way NFS works (that I know of,
anyway) that says that has to be true.
Brent Chapman | Great Circle Associates | Call or email for info about
COM | 1057 West Dana Street | upcoming Internet Security
+1 415 962 0841 | Mountain View, CA 94041 | Firewalls Tutorial dates