Automating Red Hat updates (was Re: A call for recomendations and helpful some advice)

Jason Stephenson jason at sigio.com
Wed Mar 26 09:36:35 EST 2003


Cole Tuininga wrote:
> A related question though.  Can I mount an nfs drive from behind a nat
> box?

The short answer: Yes.

The longer answer: Depends.

If you're going through the NAT, depends a lot one which way you're 
going for how easy it is to set up. If you are going from inside a NAT'd 
LAN to the Internet to get to the NFS machine, then you probably don't 
need to do anything if youre NAT and firewall are already set up to 
automatically handle returns on request going out.

If you're going the other way, connecting to a NAT'd NFS server from a 
machine on the Internet, then you just need to make sure that NFS is 
redirected to the appropriate machine. You'll also want firewall rules 
on the NAT box to keep out any unwanted IPs on the NFS server. Even on a 
campus WAN, we had problems with NFS mounts going to one building in 
particular. It seems none of the machines could NFS mount anything 
outside that building, though every other 'Net protocol that we tried 
worked about as expected.

BTW, I would not recommened using NFS over the open Internet. NFS is a 
bit slow and a bit unreliable at times and connections are likely to 
time out when going very far over the open 'Net. You may want to look 
into Andrew's File System, which I've heard is more reliable than NFS.

Another, probably better, possibility is to mirror the 
updates.redhat.com on the machine behind a NAT and setup either the 
current daemon or the nrh-update daemon that was mentioned by Jeff 
MacDonald last night. Then, you can somehow point up2date on your 
machine outside the firewall at the daemon running behind your firewall. 
You will likely need to modify your NAT set up for that to work.




More information about the gnhlug-discuss mailing list