overflow34
asked on
HP-UX 11i NFS ports through Firewall
Hello all,
We have an HP-UX 11i server running inside of our private area with files on it. We have a Linux Enterprise Server 3 in our DMZ. We want to set up a nfs mount between the two. The linux server will mount a drive from the HP-UX machine. I would like to know how to lock down the default ports that is used on the HP-UX machine to listen on so that we can open a default set of ports from the DMZ to the private space. Everything is open from Private to DMZ. I would like to know commands used and files that need to be created mostly on the HP-UX machine to make this happen. We have done this with linux to linux and were able to open a set of ports that we specified from dmz to private but we mounted the dmz dirve on the private machine.
I am not the Unix guy so I will have to relay with our Unix team which will delay my reply back. They don't know how to do it and asked me because I do network security.
Thank you for the help.
Overflow.
We have an HP-UX 11i server running inside of our private area with files on it. We have a Linux Enterprise Server 3 in our DMZ. We want to set up a nfs mount between the two. The linux server will mount a drive from the HP-UX machine. I would like to know how to lock down the default ports that is used on the HP-UX machine to listen on so that we can open a default set of ports from the DMZ to the private space. Everything is open from Private to DMZ. I would like to know commands used and files that need to be created mostly on the HP-UX machine to make this happen. We have done this with linux to linux and were able to open a set of ports that we specified from dmz to private but we mounted the dmz dirve on the private machine.
I am not the Unix guy so I will have to relay with our Unix team which will delay my reply back. They don't know how to do it and asked me because I do network security.
Thank you for the help.
Overflow.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you both for the information. I am looking for the files I can modify to change the default ports to the ports that we want to allow. As in change the default range to 30000-300010. After rereading my post I know I did not explain this very well.
I also went ahead an awarded the points to both of you for all your help. My company sent me out of town so instead of abandoing the question I decided to close it with the good information that was provided and open another to get the files to change the default port when I get back in town.
Thank you,
overflow34
I also went ahead an awarded the points to both of you for all your help. My company sent me out of town so instead of abandoing the question I decided to close it with the good information that was provided and open another to get the files to change the default port when I get back in town.
Thank you,
overflow34
There is little you can change with default TCP ports.
inetd does rpc services based on inetd.conf and /etc/rpc , but ports can be fairly random, i.e rpcinfo only shows which port actual service uses, and then NFS mount connects to that.
inetd does rpc services based on inetd.conf and /etc/rpc , but ports can be fairly random, i.e rpcinfo only shows which port actual service uses, and then NFS mount connects to that.
And paying attention that connections can be originated from low ports <1024 too.