My problem is that I am not sure how to resolve this. I have not done any configuration with iptables before. In the file /etc/sysconfig/iptables are the lines:

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT

and there are not any deny lines above these. I think those lines were added when I ran system-config-securitylevel-tui. Those are the only lines that I can find that mention port 2049 or nfs. Those lines look to me like they are for accepting incoming connections only. Is that correct? What do I need to do so that I can do the nfs export out of this box?
These lines accept NEW connections. If the connection lags/times out but does not start again as 'new', it may be blocked. You should consider just allowing 2049 from a particular subnet, without other constraints on the packets. NFS is also a bit like ftp, and likes to play with random ports, which tend to make firewalls angry. You'll want something in /etc/sysconfig/nfs like the following:

    STATD_PORT=4000
    STATD_OUTGOING_PORT=4004
    LOCKD_TCPPORT=4001
    LOCKD_UDPPORT=4001
    MOUNTD_PORT=4002

Obviously you'll need to salt this to taste, and ensure that ports 4000:4004 are open (in this example) as well in your firewall.

--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
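
The reply's two suggestions (allow 2049 from one subnet with no state match, and open the ports pinned in /etc/sysconfig/nfs) combined into one script. This is an added example, not part of the original messages; the function names and the subnet 192.168.1.0/24 are assumptions, and the sample config is constructed from the reply's values.

```shell
#!/bin/sh
# Added example: print iptables rules for the NFS ports named in this thread.
CHAIN="RH-Firewall-1-INPUT"   # chain name from the question

# Constructed sample of /etc/sysconfig/nfs, using the reply's port values.
sample_nfs_conf() {
    cat <<'EOF'
# pinned RPC ports
STATD_PORT=4000
STATD_OUTGOING_PORT=4004
LOCKD_TCPPORT=4001
LOCKD_UDPPORT=4001
MOUNTD_PORT=4002
EOF
}

# emit_rule SUBNET PROTO PORT: one ACCEPT line with no state match.
emit_rule() {
    echo "-A $CHAIN -s $1 -p $2 -m $2 --dport $3 -j ACCEPT"
}

# nfs_rules SUBNET: config on stdin, rules on stdout.
# Returns 1 if a pinned port is not a number in 1..65535.
nfs_rules() {
    subnet=$1
    for proto in tcp udp; do emit_rule "$subnet" "$proto" 2049; done
    while IFS='=' read -r key value; do
        case $key in
            STATD_PORT|STATD_OUTGOING_PORT|MOUNTD_PORT) protos="tcp udp" ;;
            LOCKD_TCPPORT) protos="tcp" ;;
            LOCKD_UDPPORT) protos="udp" ;;
            *) continue ;;   # comments and unrelated settings
        esac
        value=$(printf '%s' "$value" | tr -d '"')   # tolerate PORT="4000"
        case $value in
            ''|*[!0-9]*|??????*) echo "bad port: $key=$value" >&2; return 1 ;;
        esac
        if [ "$value" -lt 1 ] || [ "$value" -gt 65535 ]; then
            echo "bad port: $key=$value" >&2; return 1
        fi
        for proto in $protos; do emit_rule "$subnet" "$proto" "$value"; done
    done
    return 0
}

# Usage: nfs_rules 192.168.1.0/24 < /etc/sysconfig/nfs
# Review the output before adding it to /etc/sysconfig/iptables.
```

The script only prints rule lines and covers only the ports named in the thread; nothing is applied to the running firewall.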