Hi there,

I do have some influence over the nfs server (it's my backup server), so that wouldn't be a big problem.

My second question would be what the IP table rule settings would be on the server :)

On Tue, 2003-08-05 at 10:17, Sven Riedel wrote:
> On Tue, Aug 05, 2003 at 08:36:59AM +0200, Rob Verduijn wrote:
> > What would be the rule setting I need to mount a remote nfs share when I
> > am using connection tracking and a default DROP policy?
>
> First, since NFS uses RPCs you need to know what ports rpc.mountd,
> rpc.statd and maybe rpc.lockd are running on. If you have influence over
> the server, try setting the ports explicitly (invoke the daemons with the
> -p flag. Works with statd and mountd, lockd is a bit more tricky).
>
> Otherwise the ports are
> allocated dynamically and the client has to ask the remote portmapper
> where the daemons are listening. Any rules in this case are only valid
> as long as the rpc-services on the nfs-server aren't restarted.
>
> You'll have to allow the following ports:
> udp/2049: nfs
> tcp/2049: nfs, if you're using nfs over tcp, nfs v3 and up
> udp/111: portmap/sunrpc
> tcp/111: portmap/sunrpc
> udp/<rpc.statd>
> tcp/<rpc.statd>
> udp/<rpc.mountd>
> tcp/<rpc.mountd>
> and maybe:
> udp/<rpc.lockd>
> tcp/<rpc.lockd>
>
> Regs,
> Sven
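
The port list from the quoted reply, turned into server-side INPUT rules for a default DROP policy with connection tracking. This is an added example, not part of either message: it only prints the rules, and the client address 192.0.2.10, the statd/mountd ports 4000 and 4002, the function names and the choice to leave the OUTPUT chain alone are all assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the NFS server.
# The statd/mountd/lockd ports are assumptions; they must match the ports
# the daemons were pinned to (e.g. with -p), otherwise the rules go stale
# whenever the RPC services restart and get new dynamic ports.

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;          # empty or non-numeric
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: nfs_server_rules CLIENT_IP STATD_PORT MOUNTD_PORT [LOCKD_PORT]
nfs_server_rules() {
    client=$1 statd=$2 mountd=$3 lockd=${4:-}
    [ -n "$client" ] || { echo "client address required" >&2; return 1; }
    ports="111 2049"                      # portmap/sunrpc and nfs
    for p in "$statd" "$mountd" $lockd; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
        ports="$ports $p"
    done
    echo "iptables -P INPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Connection tracking: packets of flows that were already accepted
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Only the backup client may open new flows to the RPC/NFS ports
    for p in $ports; do
        for proto in udp tcp; do
            echo "iptables -A INPUT -s $client -p $proto --dport $p -m state --state NEW -j ACCEPT"
        done
    done
}

# Constructed sample values: documentation address, arbitrary fixed ports
nfs_server_rules 192.0.2.10 4000 4002
```

Review the printed rules before piping them to a shell as root; pass a fourth argument only if lockd has also been pinned to a fixed port.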