Re: firewall setup for nfs




Hi,

On Tue, Aug 4, 2009 at 10:23, Jerry Geis <geisj@xxxxxxxxxxxxxxx> wrote:
> Below are my firewall rules for iptables.
> Everything is working fine except for NFS.
> I cannot mount my drive.
> If I turn off iptables I can mount.

You also need to allow access to daemons such as rpc.mountd, rpc.lockd
and rpc.statd, but the problem is that by default those are on random
TCP ports. They can be fixed with configuration in /etc/sysconfig/nfs.

This is the /etc/sysconfig/nfs I am using on an NFS server behind a firewall:

LOCKD_TCPPORT=2050
LOCKD_UDPPORT=2050
RQUOTAD_PORT=2051
MOUNTD_PORT=2052
STATD_PORT=2053
STATD_OUTGOING_PORT=2054

And then my iptables rules:

iptables -A FORWARD ... -p tcp -m multiport --dports 111,2049:2054
iptables -A FORWARD ... -p udp -m multiport --dports 111,2049:2054

It works well for me.

I believe some of those (like STATD_OUTGOING_PORT) should really be
set on the client, so I'm not 100% sure that this is the exact
configuration you need, but as I said, it works for me, so I'm fine
with it.

HTH,
Filipe
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
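
Added example, not part of the original message: a check for the setup described above that reads `rpcinfo -p` output and lists every RPC registration whose port falls outside the 111,2049:2054 set opened in the firewall rules. The sample outputs and the function names are constructed for illustration.

```shell
#!/bin/bash
# Added example: confirm that every RPC service registered with the portmapper
# sits on a port the firewall rule (111,2049:2054) covers.

# Constructed sample: rpcinfo -p output after pinning ports in /etc/sysconfig/nfs.
sample_pinned() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   2053  status
    100024    1   tcp   2053  status
    100011    1   udp   2051  rquotad
    100003    3   tcp   2049  nfs
    100021    1   udp   2050  nlockmgr
    100021    1   tcp   2050  nlockmgr
    100005    3   tcp   2052  mountd
EOF
}

# Constructed sample: statd and mountd still on their default random ports.
sample_unpinned() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100003    3   tcp   2049  nfs
    100021    1   tcp   2050  nlockmgr
    100024    1   tcp  38561  status
    100005    3   udp  45213  mountd
EOF
}

# Reads rpcinfo -p output on stdin. Prints "service/proto port" for each
# registration outside 111 and 2049-2054, and returns non-zero if any exist.
uncovered_rpc_ports() {
    awk '$4 ~ /^[0-9]+$/ {              # skips the header line
             port = $4 + 0
             if (port != 111 && (port < 2049 || port > 2054)) {
                 print $5 "/" $3, port
                 bad = 1
             }
         }
         END { exit bad + 0 }'
}

# On a live server, after restarting the NFS services:
#   rpcinfo -p | uncovered_rpc_ports && echo "all RPC ports covered"
```

Any line it prints names a daemon that the firewall will still block, which usually means the matching variable in /etc/sysconfig/nfs was not picked up.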
