(Illustration by Gaich Muramatsu)
wallner_at_speed-link.de said:
| after setting up coda with help from this list I have another
| question. Is it possible to use coda with access control facilities
| like tcp_wrappers or something similar? Or do I have to use ACLs to
| achieve this.
| What I want is to make it impossible for any machine not on my subnet
| to mount /coda.

Hi Florian,

I don't know how tcpwrappers would fit into Coda, most communication is over UDP, and you probably wouldn't want a double reverse domain lookup on every rpc2 message. However, I noticed that portmap/nfs on Redhat is using tcpwrappers with UDP traffic, so it would be possible to use it.

Currently the easiest way to make sure people outside of your subnet cannot mount your filesystem is to use firewall rules on the coda server machines to block off any access to udp port 2432 from outside the subnet.

Here are examples for Linux, because I don't know how to do this on FreeBSD or NetBSD. <my_subnet> is something similar to 128.2.0.0/16, or 10.10.10.0/24.

linux 2.0.x:

    ipfwadm -I -a accept -P udp -S <my_subnet> -D 0.0.0.0/0 2432
    ipfwadm -I -a reject -P udp -D 0.0.0.0/0 2432

linux 2.1.x:

    ipchains -N coda
    ipchains -A coda -s <my_subnet> -j RETURN
    ipchains -A coda -j REJECT
    ipchains -A input -p udp --destination-port 2432 -j coda

Jan

Received on 1999-03-29 13:17:48
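
The ipchains rules in the message above, rendered for iptables as an added example that is not part of the original post. It assumes a host with iptables; the function names valid_cidr4 and coda_rules are hypothetical, and the script only prints the commands after validating the subnet, so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: print iptables commands equivalent to the ipchains rules
# in the post. Nothing is applied; the output is meant to be reviewed first.

CODA_PORT=2432   # UDP port named in the post

# valid_cidr4 A.B.C.D/N -> status 0 only for a well-formed IPv4 CIDR
valid_cidr4() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    # digits and dots only, no empty octets (also rules out shell metacharacters)
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# coda_rules SUBNET -> print rules limiting udp/2432 to SUBNET
coda_rules() {
    valid_cidr4 "$1" || { echo "bad subnet: $1" >&2; return 1; }
    # RETURN hands subnet traffic back to INPUT, so it is accepted only if
    # later INPUT rules or the chain policy accept it (same as with ipchains).
    cat <<EOF
iptables -N coda
iptables -A coda -s $1 -j RETURN
iptables -A coda -j REJECT
iptables -A INPUT -p udp --dport $CODA_PORT -j coda
EOF
}

# Default argument is one of the sample subnets given in the post.
coda_rules "${1:-10.10.10.0/24}"
```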