El vie, 28 de 01 de 2005 a las 18:50, Jeffrey Laramie escribiÃ: > Hi All, > > I've been fighting the good fight trying to maintain nfs connections though my > firewall but I'm not winning. Every time I think I have opened the ports I > need nfs (portmapper?) uses a different port. My questions: > > 1. Is there a netfilter patch for tracking nfs ports similar to the one for > ftp? > > 2. If not, can someone point me to a list of ports used by nfs so that I can > open up what I need once and for all? > > Thanks > > Jeff NFS uses the ports 2049/tcp 2049/udp, but you can obtain them from the server using rpcinfo with: rpcinfo -p localhost|grep "nfs"|grep "tcp"|tr ' ' '\n'|grep -v "nfs"|tail -n 2|head -n 1 rpcinfo -p localhost|grep "nfs"|grep "udp"|tr ' ' '\n'|grep -v "nfs"|tail -n 2|head -n 1 and for the services quota, lock, stat and mount we use the same method but changing the grep "nfs" by grep "mount", by example. Lockd only uses udp, quota uses tcp and udp, mount uses tcp and udp and stat uses also tcp and udp. For portmap we use the same method but changing nfs by portmapper. It uses tcp and udp. Normally it uses 111/tcp and 111/udp. This is the method we use in our GPL bastion-firewall software to find the ports. Regards. -- Jose Maria Lopez Hernandez Director Tecnico de bgSEC jkerouac@xxxxxxxxx bgSEC Seguridad y Consultoria de Sistemas Informaticos http://www.bgsec.com ESPAÃA The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the Road"
