This is a discussion on Re: IPF Rules with a NFS Cluster within the IPFilter forums, part of the System Security and Security Related category.
> I have some experience with Solaris and VCS and Sun Cluster and NFS
> behind a firewall. It's not pretty. Your biggest problem is going to
> be the RPC Portmapper which assigns RPC service ports. These ports can
> and do change every time the NFS server is rebooted. Your best bet is
> to configure your NFS server to use public ports, or wait for NFS v4
> which was designed to be used in a firewalled environment.

Another way to handle this would be to configure the system to boot up with a basic set of IPF rules. Then, after the NFS services have started, run a script (out of 'rc.local', or something) that parses the output of "rpcinfo -p localhost" for the port numbers used by the NFS RPC services, and then builds a new set of IPF rules using those numbers.

I haven't tried that, but it shouldn't be too hard.

David S.
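
One way the rpcinfo-parsing script suggested in the reply above could look, as an added example that is not code from the thread. The function names, the client network 192.168.10.0/24 and the sample rpcinfo output are assumptions constructed for illustration; services are matched by RPC program number rather than by name.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` output into IPF pass rules for the NFS RPC services.
# The function names and the client network are assumptions, not from the thread.

# Constructed sample of `rpcinfo -p localhost` output (not captured from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100024    1   udp  32772  status
    100024    1   tcp  32771  status
    100021    4   udp   4045  nlockmgr
    100021    4   tcp   4045  nlockmgr
    100005    3   udp  32790  mountd
    100005    3   tcp  32785  mountd
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    2   udp   2049  nfs
    100229    1   tcp  32800  metad
EOF
}

# Reads rpcinfo -p output on stdin; $1 is the client network allowed to reach NFS.
# Prints one rule per unique proto/port and ignores unrelated RPC programs.
build_nfs_ipf_rules() {
    awk -v net="$1" '
        # Program numbers: rpcbind, nfs, mountd, nlockmgr, status. The number is
        # stable across systems, while the name column is not.
        BEGIN { want[100000]; want[100003]; want[100005]; want[100021]; want[100024] }
        !($1 in want) { next }                     # also skips the header line
        ($3 != "tcp") && ($3 != "udp") { next }
        ($4 !~ /^[0-9]+$/) || ($4 < 1) || ($4 > 65535) { next }   # malformed port
        seen[$3, $4]++ { next }                    # several versions share a port
        {
            flags = ($3 == "tcp") ? " flags S" : ""
            printf "pass in quick proto %s from %s to any port = %d%s keep state\n", $3, net, $4, flags
        }'
}

# Stand-alone run: print the rules generated from the constructed sample.
sample_rpcinfo | build_nfs_ipf_rules 192.168.10.0/24
```

On a live server the input would come from `rpcinfo -p localhost` after the NFS services have started, and the generated rules would be combined with the basic boot-time rule set before being loaded.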