Bonjour a Tous,
Found something weird today.
I upgrade (yesterday) 2 hosts to 2.2.14, NFS stopped to work (reading directory
contents or reading file)!
The firewall trace show up
Mar 19 21:01:58 hostV kernel: Packet log: input REJECT eth0 PROTO=17 X.Y.Z.T:65535 Z.Y.Z.V:65535 L=624 S=0x00 I=14849 F=0x00B9 T=64 (#21)
So, seems there is now a new UPD protocol line using port 65535 for
NFS.
OK!, lets adjust the firewall to add a rule (on X.Y.Z.V)
ipchains -A input -i eth0 -p udp -s X.Y.Z.T/32 65535 -d Z.Y.Z.V/32 65535 -j ACCEPT -l
No luck.... the only way is to say
ipchains -A input -i eth0 -p udp -s X.Y.Z.T/32 0:65535 -d Z.Y.Z.V/32 0:65535 -j ACCEPT -l
Which is not really a protection :-}}.
What am I missing here?, do we have a real problem standing between
ipchain and kernel using service 65535?
BTW, I checked /proc/net/ip_fwchains, and the rule was really
inside (so ipchains (1.3.8, 27-Oct-1998) seems not guilty...)
Thanks for any hints.
A bientot
==========================================================================
Jean-Marc Pigeon Internet: Jean-Marc.Pigeon@safe.ca
SAFE Inc. Phone: (514) 493-4280 Fax: (514) 493-1946
REGULUS, a real time accounting/billing package for ISP
REGULUS' Home base <"http://www.regulus.safe.ca">
==========================================================================
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Thu Mar 23 2000 - 21:00:28 EST