[CentOS] firewalled NFS

mouss mouss at netoyen.net
Wed Jun 4 18:28:36 UTC 2008


Jordi Prats wrote:
> I've no iptables, I'm using a PIX to firewall them :)
>   

Did you open the ports on the PIX?

> On Wed, Jun 4, 2008 at 1:53 AM, Jay Leafey <jay.leafey at mindless.com> wrote:
>   
>> Jordi Prats wrote:
>>     
>>> Hi,
>>> I'm trying to set up a firewalled NFS server. I've configured my server
>>> (CentOS 5) using the following parameters
>>> /etc/sysconfig/nfs
>>> MOUNTD_NFS_V1="no"
>>> MOUNTD_NFS_V2="no"
>>> RQUOTAD_PORT=875
>>> LOCKD_TCPPORT=32803
>>> LOCKD_UDPPORT=32769
>>> RPCNFSDCOUNT=64
>>> MOUNTD_PORT=892
>>> STATD_PORT=662
>>> STATD_OUTGOING_PORT=2020
>>> SECURE_NFS="yes"
>>>
>>>
>>> modprobe.conf:
>>> options lockd nlm_udpport=4001 nlm_tcpport=4001
>>>
>>>
>>> But it does not mount it:
>>> # mount 172.20.0.150:/tmp/ /mnt/tmp/
>>> mount: mount to NFS server '172.20.0.150' failed: timed out (giving up).
>>>
>>> Is there anything else I must set up to use fixed ports?
>>>
>>> Thanks,
>>>       
>> It may be an obvious question, but did you open the ports in iptables? I use
>> a similar scheme on my NFS servers to "fix" the ports and it just doesn't
>> work at ALL unless those ports are opened up in iptables.  I use different
>> ports, but here's the lines I inserted into my /etc/sysconfig/iptables file
>> to get NFS working on the server:
>>
>>     
>>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
>>> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
>>>       
>> You'll have to alter the '--dports' and '-s' parameters to match the ports
>> and IP address range you are using.
>>
>> Hope that helps!
>> --
>> Jay Leafey - Memphis, TN
>> jay.leafey at mindless.com
>>
>   
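A check that fits the troubleshooting in this thread, as an added example that is not from any of the posters: it compares the ports pinned in /etc/sysconfig/nfs with what `rpcinfo -p` reports, so firewall rules are written for the ports the services actually registered. The function names are hypothetical and the `rpcinfo -p` output is constructed for illustration.

```shell
# Added example: SAMPLE_CONF repeats the port settings quoted in the thread;
# SAMPLE_RPCINFO is constructed `rpcinfo -p` output, not taken from a real host.
SAMPLE_CONF='RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662'
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    662  status
    100024    1   tcp    662  status
    100011    1   udp    875  rquotad
    100011    1   tcp    875  rquotad
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp   4001  nlockmgr
    100021    1   tcp   4001  nlockmgr
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd'

# expected_ports CONF: print "service proto port" for each port the config pins,
# plus the fixed portmapper (111) and nfs (2049) ports.
expected_ports() {
  printf 'portmapper tcp 111\nportmapper udp 111\nnfs tcp 2049\nnfs udp 2049\n'
  printf '%s\n' "$1" | awk -F= '
    $1 == "RQUOTAD_PORT"  { print "rquotad tcp " $2; print "rquotad udp " $2 }
    $1 == "MOUNTD_PORT"   { print "mountd tcp " $2;  print "mountd udp " $2 }
    $1 == "STATD_PORT"    { print "status tcp " $2;  print "status udp " $2 }
    $1 == "LOCKD_TCPPORT" { print "nlockmgr tcp " $2 }
    $1 == "LOCKD_UDPPORT" { print "nlockmgr udp " $2 }'
}

# audit_ports CONF RPCINFO: report each pinned port as OK, MISMATCH or MISSING
# against what the portmapper has registered; return 1 if any check fails.
audit_ports() {
  rc=0
  while read -r svc proto want; do
    got=$(printf '%s\n' "$2" | awk -v s="$svc" -v p="$proto" \
          '$5 == s && $3 == p { print $4; exit }')
    if [ -z "$got" ]; then echo "MISSING  $svc/$proto want=$want"; rc=1
    elif [ "$got" != "$want" ]; then echo "MISMATCH $svc/$proto want=$want got=$got"; rc=1
    else echo "OK       $svc/$proto port=$want"; fi
  done <<EOF
$(expected_ports "$1")
EOF
  return $rc
}
audit_ports "$SAMPLE_CONF" "$SAMPLE_RPCINFO" || echo "registered ports differ from the pinned ones"
```

On a real server, pass the contents of /etc/sysconfig/nfs and the output of `rpcinfo -p` as the two arguments.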



