Bug 71222 - RFE: an option to lokkit to set up allowing of mounting nfs shares from servers
Summary: RFE: an option to lokkit to set up allowing of mounting nfs shares from servers
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: gnome-lokkit   
(Show other bugs)
Version: 7.3
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact: Ben Levenson
Keywords: FutureFeature
Depends On:
TreeView+ depends on / blocked
Reported: 2002-08-10 11:37 UTC by Thomas Vander Stichele
Modified: 2014-03-17 02:29 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-08-12 22:55:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Thomas Vander Stichele 2002-08-10 11:37:55 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.5 (X11; Linux i686; U;) Gecko/20020606

Description of problem:
Since, when trying to mount an nfs share, the mountd daemon on the server
chooses a random udp port number which the client needs to allow access to, the
default ipchains configuration in lokkit prevents the user from mounting nfs shares.

A simple solution would be to allow lokkit to select nfs servers, and open up
those udp ports from that server.  This is a lot less a security risk than the
consensus I read in mailing list archives and on newsgroups, which tells people
to turn ipchains off completely for mounting nfs shares.

I added to /etc/sysconfig/ipchains the following line
-A input -s -d 0/0 0:1023 -p udp -j ACCEPT

right before this line put in by lokkit :
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT

This allows my machine to mount nfs shares served by the server at

I suspect adding this to lokkit should be very simple, hopefully it'll be doable
before the next (7.4/8.0) release ;)

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. run lokkit and set up a default firewall
2. activate ipchains (service ipchains start)
3.  try to mount an nfs share

Actual Results:  got an RPC: Timed out error after some time

Expected Results:  it should work

Additional info:

This is an enhancement proposal to lokkit.  Adding the option of selecting known
nfs servers and punching them through the firewall rules would be a good feature
as this seems to confuse a whole lot of people out there.

Comment 1 Mike A. Harris 2002-08-10 18:19:33 UTC
Not an ipchains issue.  Reassigning to gnome-lokkit

Comment 2 Bill Nottingham 2002-08-12 20:40:38 UTC
Won't be done for this release; we really aren't in a position to change th UI
at this point.

*** This bug has been marked as a duplicate of 52110 ***

Comment 3 Thomas Vander Stichele 2002-08-12 21:34:48 UTC
Hm, can I get some more feedback on this ? You marked this bug as a duplicate of
another bug, which was filed "not doable".  First of all, I think it's very much
doable, as I just proposed.  Second, judging from the amount of posts on it on
dejanews and other places, it's a very real issue, which is getting "fixed" by
turning off iptables.  Third, I can understand that it might be too late to
change the UI (even though the impact is minimal) for the next release, but AT
LEAST consider it for the release after that.  People will thank you ;)

Comment 4 Bill Nottingham 2002-08-12 22:57:14 UTC
Hm, OK.

Note You need to log in before you can comment on or make changes to this bug.