Bill Davidsen wrote:
You'll probably need to:
1) Learn about port "pinning" for NFS (so it always uses the same ports).
Since the GUI doesn't know about this, it doesn't solve the problem of
avoiding mixing GUI and manual firewall configuration. If I have to do
any of it by hand, I'll do it all by hand. I'm dubious about using the
same rules for forwarding as INPUT anyway.
Bill,
The port-pinning is not handled by iptables, and no firewall tool will
do it for you. You will need to configure port pinning in the various
/etc files that control the NFS server and the RPC services (I forget
which files).
Once you've pinned the ports, then open them in the firewall. You can do
that by hand if you want, but using firestarter is much easier, in my
experience.
The two tasks are cleanly separated.
- Mike
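
The two separate steps described in the reply above, as an added example that is not part of the original thread: first confirm from `rpcinfo -p` output that every NFS-related RPC service is registered on its pinned port, then generate the matching firewall rules. The port numbers, the client subnet and the sample `rpcinfo` text are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Pinned ports as "service tcp-port udp-port" (constructed values; choose your own).
PINNED='portmapper 111 111
nfs 2049 2049
mountd 892 892
status 662 662
nlockmgr 32803 32769
rquotad 875 875'

# Constructed sample in the format of `rpcinfo -p`; mountd/tcp is deliberately
# left on a dynamic port to show what an unpinned service looks like.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    662  status
    100024    1   tcp    662  status
    100003    3   tcp   2049  nfs
    100021    4   udp  32769  nlockmgr
    100021    4   tcp  32803  nlockmgr
    100005    3   udp    892  mountd
    100005    3   tcp  40123  mountd'

# unpinned RPCINFO_TEXT: list registrations whose port is not the pinned one.
unpinned() {
    printf '%s\n@@\n%s\n' "$PINNED" "$1" | awk '
        $1 == "@@"      { live = 1; next }
        !live           { want[$1 "/tcp"] = $2; want[$1 "/udp"] = $3; next }
        $1 ~ /^[0-9]+$/ {
            key = $5 "/" $3
            if (!(key in want))       print key, $4, "unlisted"
            else if (want[key] != $4) print key, $4, "expected", want[key]
        }' | sort -u
}

# emit_rules SUBNET: one INPUT rule per pinned port, limited to the client subnet.
emit_rules() {
    printf '%s\n' "$PINNED" | while read -r svc tcp udp; do
        echo "iptables -A INPUT -s $1 -p tcp --dport $tcp -j ACCEPT"
        echo "iptables -A INPUT -s $1 -p udp --dport $udp -j ACCEPT"
    done
}

# Stand-alone run: report drift first, then print (not apply) the rules.
unpinned "$SAMPLE_RPCINFO"
emit_rules 192.0.2.0/24
```

On a live server, pass `"$(rpcinfo -p)"` to `unpinned` instead of the sample; any line it prints is a service the firewall rules would not cover after the next restart.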