Hi,

What I'll do is tcpdump filtering to the IP of the WinXp client and try to mount it. You'll see the ports the client is trying and then I'll open it on the firewall (or investigate why they are using these ports).

HTH,
ESG

2009/7/16 Blackburn, Marvin <mblackburn@xxxxxxxxxxxxx>

> I have set up an nfs server with an iptables firewall for an rhel 5.3
> system with the following rules:
>
> ACCEPT tcp -- 172.20.8.0/24 anywhere state NEW tcp dpt:nfs /* nfsd */
> ACCEPT tcp -- 172.20.8.0/24 anywhere state NEW tcp dpt:sunrpc
> ACCEPT udp -- 172.20.8.0/24 anywhere state NEW udp dpt:sunrpc
> ACCEPT tcp -- 172.20.8.0/24 anywhere state NEW tcp dpt:maxim-asics
> ACCEPT udp -- 172.20.8.0/24 anywhere state NEW udp dpt:maxim-asics
> ACCEPT tcp -- 172.20.8.0/24 anywhere state NEW tcp dpt:892
> ACCEPT udp -- 172.20.8.0/24 anywhere state NEW udp dpt:892
> ACCEPT tcp -- 172.20.8.0/24 anywhere state NEW tcp dpt:875
> ACCEPT udp -- 172.20.8.0/24 anywhere state NEW udp dpt:875
> ACCEPT tcp -- 172.20.8.0/24 anywhere state NEW tcp dpt:pftp
> ACCEPT udp -- 172.20.8.0/24 anywhere state NEW udp dpt:pftp
>
> If I use another rhel 5.3 client I can mount the exported "folder" and
> navigate through it; however, when I use the windows xp client (sfu) I
> get a permission denied.
>
> It apparently authenticates, presents the folder, but when you try to
> get into it, it has permission denied. If I turn off the firewall it
> works.
>
> Has anyone else had this problem and successfully navigated around it?
> (I don't want to turn off the firewall, and I don't want to implement
> cifs for the users this affects).
>
> The contents of my /etc/sysconfig/nfs file are:
>
> RQUOTAD_PORT=875
> LOCKD_TCPPORT=32803
> LOCKD_UDPPORT=32769
> MOUNTD_PORT=892
> STATD_PORT=662
> STATD_OUTGOING_PORT=2020
>
> And I have nfs, portmap, and rpcsvcgssd.
>
> _____________________________________
> "He's no failure. He's not dead yet."
> William Lloyd George
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subjectunsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
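
The approach suggested in the reply, as an added example that is not part of the original thread: parse the text output of `tcpdump -nn host <client-ip>` taken on the NFS server during a mount attempt, list the server ports the client tried, and subtract the ports the firewall accepts. The client and server addresses, the capture lines and the `ALLOWED` set are constructed sample values, not the poster's capture or ruleset.

```python
import re

# `tcpdump -nn` text lines for IPv4 packets that carry ports (TCP and UDP).
LINE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (.*)")

def attempted_ports(capture, client, server):
    """Return the set of (proto, dport) the client tried on the server."""
    seen = set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m or m.group(1) != client or m.group(3) != server:
            continue
        dport, rest = int(m.group(4)), m.group(5)
        if rest.startswith("Flags [S],"):   # bare SYN: a new TCP connection
            seen.add(("tcp", dport))
        elif rest.startswith("UDP"):        # UDP datagram tcpdump did not decode
            seen.add(("udp", dport))
    return seen

def not_allowed(attempted, allowed):
    """Attempted (proto, port) pairs that no firewall rule accepts."""
    return sorted(attempted - allowed)

# Constructed sample: hypothetical XP client and NFS server in 172.20.8.0/24.
CLIENT, SERVER = "172.20.8.50", "172.20.8.10"
CAPTURE = """\
10:15:01.100000 IP 172.20.8.50.1021 > 172.20.8.10.111: Flags [S], seq 1000, win 65535, length 0
10:15:01.100200 IP 172.20.8.10.111 > 172.20.8.50.1021: Flags [S.], seq 2000, ack 1001, win 5840, length 0
10:15:01.300000 IP 172.20.8.50.1022 > 172.20.8.10.892: Flags [S], seq 3000, win 65535, length 0
10:15:01.500000 IP 172.20.8.50.1023 > 172.20.8.10.2049: Flags [S], seq 4000, win 65535, length 0
10:15:02.000000 IP 172.20.8.50.1020 > 172.20.8.10.32803: Flags [S], seq 5000, win 65535, length 0
10:15:05.000000 IP 172.20.8.50.1020 > 172.20.8.10.32803: Flags [S], seq 5000, win 65535, length 0
10:15:06.000000 IP 172.20.8.50.1019 > 172.20.8.10.32769: UDP, length 148
"""

# Constructed numeric ruleset (what `iptables -L -n` would show as dpt:<n>).
ALLOWED = {("tcp", 111), ("udp", 111), ("tcp", 2049),
           ("tcp", 892), ("udp", 892), ("tcp", 875), ("udp", 875),
           ("tcp", 662), ("udp", 662)}

if __name__ == "__main__":
    tried = attempted_ports(CAPTURE, CLIENT, SERVER)
    for proto, port in not_allowed(tried, ALLOWED):
        print(f"client tried {proto}/{port}, no ACCEPT rule covers it")
```

Listing the rules with `iptables -L -n` gives numeric ports, which makes them directly comparable with the `*_PORT` values in `/etc/sysconfig/nfs` and with the capture.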