Re: NFS using iptables PREROUTING?

David Liontooth wrote:

> Is it possible to access an NFS (v.3) server on a private network from a
> machine on a public network?

It turns out to be a lot simpler than I thought -- no need to worry about lockd, portmap, or statd.

On the host A, set the mount port in /etc/default/nfs-kernel-server:

   RPCMOUNTDOPTS="--port 4000"

In the gateway G's /etc/network/if-up.d/00-firewall, forward the NFS and mountd ports:

   # NFS: Forward udp on port 2049 to A on the private network
   iptables -t nat -A PREROUTING -p udp -d 128.65.183.178 --dport 9101 -j DNAT --to 192.168.0.3:2049

   # Forward tcp and udp for mountd on A (port assigned in A:/etc/default/nfs-kernel-server)
   iptables -t nat -A PREROUTING -p tcp -d 128.65.183.178 --dport 9201 -j DNAT --to 192.168.0.3:4000
   iptables -t nat -A PREROUTING -p udp -d 128.65.183.178 --dport 9201 -j DNAT --to 192.168.0.3:4000

In the client B's /etc/hosts, define an alias for the NFS host behind the firewall, using the IP address of the gateway:

  128.65.183.178  a.fully.qualified.domain.name   A

And in the client B's /etc/fstab, define the mount, adding the gateway's ports that forward NFS and mount to the host:

A:/db1 /mnt/a1 nfs noauto,user,exec,rw,rsize=16k,wsize=16k,hard,intr,port=9101,mountport=9201 0 0

Works beautifully and transparently. Or does someone spot a potential problem?

Cheers,
Dave

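As an added example (not part of Dave's post or the netfilter project), here is the gateway half of the procedure above packaged as a shell function so the rule set can be reviewed before it is applied. It keeps the post's addresses and ports (128.65.183.178, 192.168.0.3, 9101 -> 2049, 9201 -> 4000) and adds two things a practitioner would want: the DNAT rules are restricted to a single client address (203.0.113.7 is an assumed placeholder for client B), because NFSv3 with the default AUTH_SYS flavour trusts whatever uid the client sends and a DNAT open to the whole internet hands that trust to anyone; and the matching FORWARD rules are emitted, since DNAT only rewrites the destination and the filter table must still accept the rewritten packet. The function prints the commands instead of running them; pipe its output to sh on the gateway once it looks right.

```shell
#!/bin/sh
# Added example: print iptables rules that forward NFS and mountd through a
# DNAT gateway to an NFSv3 server on a private network, limited to one client.
# Addresses/ports from the post; CLIENT (203.0.113.7) is an assumption.

# nfs_dnat_rules PUBLIC_IP PRIVATE_IP CLIENT NFS_EXT NFS_INT MOUNTD_EXT MOUNTD_INT
# Prints one iptables command per line (does not execute anything).
nfs_dnat_rules() {
    pub=$1; priv=$2; client=$3
    nfs_ext=$4; nfs_int=$5; mnt_ext=$6; mnt_int=$7

    # Both protocols: the post only forwards UDP for nfsd, but a client that
    # mounts with proto=tcp needs TCP/2049 forwarded as well.
    for proto in udp tcp; do
        # nat PREROUTING: rewrite the public port to the private host:port,
        # but only for packets that come from the allowed client.
        printf 'iptables -t nat -A PREROUTING -p %s -s %s -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
            "$proto" "$client" "$pub" "$nfs_ext" "$priv" "$nfs_int"
        printf 'iptables -t nat -A PREROUTING -p %s -s %s -d %s --dport %s -j DNAT --to-destination %s:%s\n' \
            "$proto" "$client" "$pub" "$mnt_ext" "$priv" "$mnt_int"

        # filter FORWARD sees the packet after DNAT, so match on the
        # private destination and the internal port.
        printf 'iptables -A FORWARD -p %s -s %s -d %s --dport %s -j ACCEPT\n' \
            "$proto" "$client" "$priv" "$nfs_int"
        printf 'iptables -A FORWARD -p %s -s %s -d %s --dport %s -j ACCEPT\n' \
            "$proto" "$client" "$priv" "$mnt_int"
    done

    # Replies from A back to the client ride on the conntrack entry the
    # DNAT created; let established/related traffic through FORWARD.
    printf 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
}

# nfs_fstab_line ALIAS EXPORT MOUNTPOINT NFS_EXT MOUNTD_EXT
# Prints the client-side fstab entry pointing at the gateway's forwarded ports
# (the alias must resolve to the gateway's public address in /etc/hosts).
nfs_fstab_line() {
    printf '%s:%s %s nfs noauto,user,exec,rw,rsize=16k,wsize=16k,hard,intr,port=%s,mountport=%s 0 0\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# Usage: review, then apply on the gateway with
#   nfs_dnat_rules 128.65.183.178 192.168.0.3 203.0.113.7 9101 2049 9201 4000 | sh
nfs_dnat_rules 128.65.183.178 192.168.0.3 203.0.113.7 9101 2049 9201 4000
nfs_fstab_line A /db1 /mnt/a1 9101 9201
```

The source restriction is the minimum; if the client's address is not static, a VPN between B and G is the usual answer rather than widening `-s`, and NFSv3 over the public internet should be treated as unauthenticated regardless of the export options on A.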
