On Tue, Aug 05, 2003 at 08:36:59AM +0200, Rob Verduijn wrote:
> What would be the rule setting I need to mount a remote nfs share when I
> am using connection tracking and a default DROP policy?

First, since NFS uses RPCs you need to know what ports rpc.mountd,
rpc.statd and maybe rpc.lockd are running on. If you have influence
over the server, try setting the ports explicitly (invoke the daemons
with the -p flag. Works with statd and mountd, lockd is a bit more
tricky). Otherwise the ports are allocated dynamically and the client
has to ask the remote portmapper where the daemons are listening. Any
rules in this case are only valid as long as the rpc-services on the
nfs-server aren't restarted.

You'll have to allow the following ports:

udp/2049: nfs
tcp/2049: nfs, if you're using nfs over tcp, nfs v3 and up
udp/111: portmap/sunrpc
tcp/111: portmap/sunrpc
udp/<rpc.statd>
tcp/<rpc.statd>
udp/<rpc.mountd>
tcp/<rpc.mountd>

and maybe:

udp/<rpc.lockd>
tcp/<rpc.lockd>

Regs,
Sven

--
Sven Riedel                      sr@xxxxxxxx
Liebigstr. 38
30163 Hannover
"Python is merely Perl for those who prefer Pascal to C" (anon)
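Added example, not part of the original e-mail: a shell function that turns the server's `rpcinfo -p` listing into client-side iptables rules for the ports named above, printing them for review instead of applying them. The server address 192.0.2.10, the sample listing and the function names are constructed, and placing the rules on the client's OUTPUT chain is an assumption.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p <server>` output (not from a real host).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp  32767  mountd
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100021    4   udp  32768  nlockmgr
    100021    4   tcp  32768  nlockmgr
EOF
}

# Read an rpcinfo -p listing on stdin and print iptables rules that let this
# client open NEW connections to the NFS-related services on server $1.
# Everything else stays subject to the default DROP policy.
nfs_client_rules() {
    server=$1
    awk -v srv="$server" '
        # Only the services NFS needs; the header line and unrelated RPC
        # programs fail these filters and are skipped.
        $5 ~ /^(portmapper|nfs|mountd|status|nlockmgr)$/ &&
        $3 ~ /^(tcp|udp)$/ && $4 ~ /^[0-9]+$/ {
            key = $3 "/" $4
            if (seen[key]++) next   # one rule per proto/port, not per version
            printf "iptables -A OUTPUT -p %s -d %s --dport %s " \
                   "-m conntrack --ctstate NEW -j ACCEPT  # %s\n", \
                   $3, srv, $4, $5
        }'
    # Connection tracking handles the replies in both directions.
    echo "iptables -A OUTPUT -d $server -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    echo "iptables -A INPUT -s $server -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Demo on the constructed listing; on a live client the input would be
#   rpcinfo -p 192.0.2.10 | nfs_client_rules 192.0.2.10
sample_rpcinfo | nfs_client_rules 192.0.2.10
```

The rules reflect the portmapper listing at the moment it was read, so they have to be regenerated after the server's RPC services restart unless the ports are pinned.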