From 3d866c4bbb8fec8e9580278429a2d94b31ec9570 Mon Sep 17 00:00:00 2001
From: Joe Brockmeier
Date: Sat, 28 Jul 2012 18:02:13 -0400
Subject: [PATCH] CS-15522 - fixing NFS settings to be less dangerous
---
 docs/runbook/en-US/Environment.xml | 49 ++++++++++++------------------
 1 file changed, 20 insertions(+), 29 deletions(-)
diff --git a/docs/runbook/en-US/Environment.xml b/docs/runbook/en-US/Environment.xml
index 9048e1aa0a2..99161d9cb69 100644
--- a/docs/runbook/en-US/Environment.xml
+++ b/docs/runbook/en-US/Environment.xml
@@ -68,6 +68,13 @@ ONBOOT="no"
 configure that file so that it specifies the IP address, netmask, etc., as shown in the following example:
+
+ Hardware Addresses
+ You should not use the hardware address (aka MAC address) from our example
+ for your configuration. It is network interface specific, so you should keep the
+ address already provided in the HWADDR directive.
+
+
 DEVICE=eth0
 HWADDR=52:54:00:B9:A6:C0
@@ -77,6 +84,8 @@ BOOTPROTO=none
 IPADDR=172.16.10.2
 NETMASK=255.255.255.0
 GATEWAY=172.16.10.1
+DNS1=8.8.8.8
+DNS2=8.8.4.4
 IP Addressing
@@ -89,26 +98,10 @@ GATEWAY=172.16.10.1
 192.168.55.2
-
- Hardware Addresses
- You should not use the hardware address (aka MAC address) from our example
- for your configuration. It is network interface specific, so you should keep the
- address already provided in the HWADDR directive.
-
-
 Now that we have the configuration files properly set up, we need to run a few commands to start up the network
 # chkconfig network on
 # service network start
- This should bring the network up successfully, but we now need to enable name resolution.
- To do that we will edit /etc/resolv.conf. These instructions will add
- one of the nameservers from Google, though you are free to add a local nameserver if you wish.
- Your /etc/resolv.conf should modified to look like:
-
-
-nameserver 8.8.8.8
-
-
Hostname
@@ -195,8 +188,6 @@ SELINUXTYPE=targeted
 # mkdir /primary
 # mkdir /secondary
-# chmod 777 /primary
-# chmod 777 /secondary
 CentOS 6.x releases use NFSv4 by default. NFSv4 requires that domain setting matches on all clients. In our case, the domain is cloud.priv, so ensure that the domain setting in /etc/idmapd.conf
@@ -215,17 +206,17 @@ STATD_OUTGOING_PORT=2020
 Edit the file /etc/sysconfig/iptables
--A INPUT -m state --state NEW -p udp --dport 111 -j ACCEPT
--A INPUT -m state --state NEW -p tcp --dport 111 -j ACCEPT
--A INPUT -m state --state NEW -p tcp --dport 2049 -j ACCEPT
--A INPUT -m state --state NEW -p tcp --dport 32803 -j ACCEPT
--A INPUT -m state --state NEW -p udp --dport 32769 -j ACCEPT
--A INPUT -m state --state NEW -p tcp --dport 892 -j ACCEPT
--A INPUT -m state --state NEW -p udp --dport 892 -j ACCEPT
--A INPUT -m state --state NEW -p tcp --dport 875 -j ACCEPT
--A INPUT -m state --state NEW -p udp --dport 875 -j ACCEPT
--A INPUT -m state --state NEW -p tcp --dport 662 -j ACCEPT
--A INPUT -m state --state NEW -p udp --dport 662 -j ACCEPT
+-A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 111 -j ACCEPT
+-A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 111 -j ACCEPT
+-A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 2049 -j ACCEPT
+-A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 32803 -j ACCEPT
+-A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 32769 -j ACCEPT
+-A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 892 -j ACCEPT
+-A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 892 -j ACCEPT
+-A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 875 -j ACCEPT
+-A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 875 -j ACCEPT
+-A INPUT -s 172.16.10.0/24 -m state --state NEW -p tcp --dport 662 -j ACCEPT
+-A INPUT -s 172.16.10.0/24 -m state --state NEW -p udp --dport 662 -j ACCEPT
 Now you can restart the iptables service with the following command:
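Review bot: The source filter `-s 172.16.10.0/24` on the eleven new rules is the example subnet from the ifcfg listing earlier in the file (`IPADDR=172.16.10.2`, `NETMASK=255.255.255.0`), and nothing next to the listing tells the reader to substitute their own network. A reader on different addressing who copies the rules verbatim gets NFS that silently refuses its clients, and the likely workaround is to drop the `-s` match and return to the open rules this commit removes. I would add a sentence before the listing such as `Replace 172.16.10.0/24 with the subnet your hosts use to reach this NFS server; the value shown matches the example addressing used in this chapter.` The export definitions in /etc/exports are outside this hunk, so it is worth confirming that the client range allowed there agrees with the range allowed by the firewall.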