Hi Rob,

> My second question would be what the IP table rule settings would be on
> the server :)

> > udp/2049: nfs
> > tcp/2049: nfs, if you're using nfs over tcp, nfs v3 and up
> > udp/111: portmap/sunrpc
> > tcp/111: portmap/sunrpc
> > udp/<rpc.statd>
> > tcp/<rpc.statd>

iptables -A FORWARD -s <source> -d <dest> -p udp --dport 2049 -j ACCEPT
iptables -A FORWARD -s <source> -d <dest> -p tcp --dport 2049 -j ACCEPT
iptables -A FORWARD -s <source> -d <dest> -p udp --dport 111 -j ACCEPT

Et cetera, for each connection which needs to be allowed, from the list
which Sven gave you.

> > First, since NFS uses RPCs you need to know what ports rpc.mountd,
> > rpc.statd and maybe rpc.lockd are running on. If you have influence over
> > the server, try setting the ports explicitly (invoke the daemons with the
> > -p flag. Works with statd and mountd, lockd is a bit more tricky).

You can disable locking on the client by mounting with the "-o nolock"
flag, which removes the need to fix a port for lockd or allow connections
to it.

Cheers, Chris.
--
___ __ _
/ __// / ,__(_)_ | Chris Wilson -- UNIX Firewall Lead Developer |
/ (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk |
\ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |
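
The rule list discussed in this message can be derived from the ports the server has actually registered with the portmapper. The following is an added example, not part of Chris's message: it reads `rpcinfo -p` output and prints one FORWARD rule per registered protocol/port, optionally leaving out lockd for clients mounted with "-o nolock". The function names, the addresses and the sample rpcinfo listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p <server>` output into iptables FORWARD rules.
# nfs_forward_rules is a hypothetical helper; rules are printed, not applied.

# usage: rpcinfo -p <server> | nfs_forward_rules <source> <dest> [nolock]
nfs_forward_rules() {
    awk -v src="$1" -v dst="$2" -v mode="${3:-}" '
        # Data rows look like: program vers proto port service
        $3 != "tcp" && $3 != "udp"   { next }   # skips the header line
        $4 !~ /^[0-9]+$/             { next }   # port must be numeric
        $5 !~ /^(portmapper|nfs|mountd|status|nlockmgr)$/ { next }
        mode == "nolock" && $5 == "nlockmgr" { next }   # clients use -o nolock
        seen[$3 "/" $4]++            { next }   # one rule per proto/port
        {
            printf "iptables -A FORWARD -s %s -d %s -p %s --dport %s -j ACCEPT\n",
                   src, dst, $3, $4
        }'
}

# Constructed sample of `rpcinfo -p` output from a server whose statd and
# mountd were started with -p so that their ports stay fixed.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32768  nlockmgr
    100021    3   udp  32768  nlockmgr
    100021    1   tcp  32768  nlockmgr
    100005    1   udp  32767  mountd
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
EOF
}

# Constructed addresses (documentation ranges); prints 8 rules, lockd omitted.
sample_rpcinfo | nfs_forward_rules 192.0.2.10 198.51.100.5 nolock
```

If statd and mountd are not pinned with -p, their ports can change when the daemons restart, so rules generated this way need to be regenerated afterwards.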