Hello all,
Quick question about filtering NFS... Notice I said "filtering"
NFS (with a router) and not "firewalling" NFS. I have 2 corporate
networks (which are completely isolated from the Internet)
and I'd like to leave them as 2 networks for the most part,
but I've been told that we must be able to NFS mount machines from
one net to the other.
I did some sniffing and found the usual ports used, that is 111
and 2049 (RPC and NFS). But I also found that there is some
randomness to the port numbers used between machines, and they
are below the superuser fence... For example, I saw port numbers
like 522 and 935.
So the simple question is why? Would this be something specific
to Wollongong maybe? Is there a range of ports I have to open,
or would it be easier to deny specifics and allow all else?
Thanks,
Dave