I have not tried NFS under Netware.

Riddle me this: If port 111 is blocked at the router, then isn't the
router acting as a [crude] firewall (in an abstract sense)? It is
enacting a policy in that it is inspecting packets and dropping those
destined for port 111. That meets the definition of a firewall.
Granted, it's not a particularly good firewall.

To answer the question, that is an improvement, but I have some
reservations about it. I would be tweaking the IPChains/IPTables rules
big time, and using two NICs. Like this:

         80         80               20, 21,
        443        443             22, 111, etc
INTERNET-----ROUTER-----Web Server----------------File Server

The numbers indicate the ports open on that NIC.

Ideas, comments from the gallery?

George

foodog wrote:
>
> Thanks, George, I'll give it a shot. In your opinion, is it possible to
> run NFS securely on a public network? How about if TCP port 111 is
> blocked at the router?
>
> One more question since you're here. Have you ever tried NFS under
> Netware? I got that running with minimal pain, but I don't have a
> Solaris box to compare its performance with.
>
> Thanks again,
>
> Steve
>
> FWIW, an iso of Netware 6 beta 3 is available for free download. Comes
> with lots of nifty things: Novell's webserver, Apache w/ Tomcat, native
> support for Windows, Macs and NFS, luser-friendly printing stuff (BFD),
> secure web-based file access and admin, improved clustering & SMP, etc.
> etc. On merit, it should stomp Windows/Hailstorm, but I'm not holding
> my breath.
>
> George Toft wrote:
> >
> > The description in the Linux Network Admin Guide (ch 11) is simple and
> > worked without tweaks/hacks. First time I tried it was on a single
> > computer. Worked really well. Then I tried it in a mixed environment,
> > Linux/Solaris. Solaris NFS code seems to run much faster than Linux'.
> >
> > George's Simple How To:
> > Server: Put the directory you want to export in /etc/exports
> >         Make sure portmapper is running.
> > Client: Make sure /etc/rc3.d/S25nfs is enabled
> >         mount -t nfs server:/directory mountpoint
> >
> > Warning: Don't even THINK about putting either of these on your
> > firewall.
> >
> > George
> >
> > foodog wrote:
> > >
> > > Gary Nichols wrote:
> > > >
> > > > Alan, good luck on your project and please keep us PLUG'ers posted on
> > > > your progress. Your home sounds like the perfect test bed for this
> > > > concept. :-) I was thinking of doing something similar for my girls
> > > > but I can't get them off the computers long enough to do a reconfig.
> > > > :-) I'm still wondering why my 13-year old is thumbing through my
> > > > vi/bash books.... *grin* Ok, I know why. hehehe She's living with a
> > > > linux geek.
> > > >
> > > > Anyone else thinking of trying this?
> > >
> > > I burned the CDs in July but I'm still waiting for the mythical Free
> > > Time to try it :-)
> > >
> > > I don't have the spare hardware at home, and haven't built it a firewall
> > > to live behind at work. I'm hoping to stumble across a "NFS for the
> > > paranoid mini-HOWTO".
> > >
> > > Steve
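
The two-NIC layout sketched at the top of this message, written out as an iptables-restore ruleset for the web server; this is an added example, not part of the original e-mail. It reads "ports open on that NIC" as inbound ports accepted on that interface, and the interface names (eth0, eth1) and the file server address are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the dual-homed web
# server in the diagram. Every name below is an assumption, not a value
# taken from the thread.
EXT_IF=eth0               # NIC facing the router (assumed name)
INT_IF=eth1               # NIC facing the file server (assumed name)
FILE_SERVER=192.168.10.2  # constructed address for the file server
EXT_TCP="80 443"          # ports open on the router-facing NIC
INT_TCP="20 21 22 111"    # ports open on the inside NIC (the "etc" is left out)

gen_rules() {
    echo "*filter"
    # Default deny. FORWARD stays DROP so the web server never routes
    # Internet traffic through to the file server segment.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Outside NIC: web traffic only.
    for p in $EXT_TCP; do
        echo "-A INPUT -i $EXT_IF -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # Inside NIC: the listed ports, and only from the file server's address.
    for p in $INT_TCP; do
        echo "-A INPUT -i $INT_IF -s $FILE_SERVER -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    # The portmapper answers on UDP 111 as well as TCP 111.
    echo "-A INPUT -i $INT_IF -s $FILE_SERVER -p udp --dport 111 -j ACCEPT"
    echo "COMMIT"
}

# Audit helper: succeeds only if port $1 is never accepted on the outside NIC.
not_exposed() {
    ! gen_rules | grep -q -e "-i $EXT_IF .*--dport $1 "
}

# Print the ruleset so it can be reviewed before loading.
gen_rules
```

The printed ruleset can be reviewed and then loaded on the web server by piping it to iptables-restore.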