RE: NFS and denying access to subnets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



 

> -----Original Message-----
> From: fedora-list-bounces@xxxxxxxxxx 
> [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Neil Marjoram
> Sent: Thursday, September 29, 2005 9:31 AM
> To: fedora-list@xxxxxxxxxx
> Subject: NFS and denying access to subnets
> 
> OK I've been trying for ages now but I just can't seem to get 
> this into my head.
> 
> I have 8 subnets on my network 10.1.1.0 mask is 
> 255.255.255.224 or /27, I would like all but one of these 
> subnets to be able to mount from my NFS server. So I thought 
> I'd add the relevant lines into /etc/hosts.allow and /etc/hosts.deny;
> 
> It's long, so I've shortened it.
> /etc/host.allow
> portmap:10.1.1.0/255.255.255.224
> lockd:10.1.1.0/255.255.255.224
> mountd:10.1.1.0/255.255.255.224
> rquoted:10.1.1.0/255.255.255.224
> statd:10.1.1.0/255.255.255.224
> portmap:10.1.1.32/255.255.255.224
> lockd:10.1.1.32/255.255.255.224
> mountd:10.1.1.32/255.255.255.224
> rquoted:10.1.1.32/255.255.255.224
> statd:10.1.1.32/255.255.255.224
> 
> And all the other 5 networks.
> 
> And in the /etc/hosts.deny
> 
> portmap:10.1.1.160/255.255.255.224
> lockd:10.1.1.160/255.255.255.224
> mountd:10.1.1.160/255.255.255.224
> rquoted:10.1.1.160/255.255.255.224
> statd:10.1.1.160/255.255.255.224
> 
> I have restarted NFS and Portmap, but alas those systems on 
> the 160 network can still mount and see nfs mounts.
> 
> Am I barking up the wrong tree and is there an easier way to 
> accomplish this ?
> 
> Many thanks
> 
> Neil.
> 

whats your /etc/exports look like?  I think you can do the following:

/home 10.1.1.32/255.255.255.224(rw)
/home 10.1.1.160/255.255.255.224(noaccess)


	-Mike



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux