On Thursday 18 February 2010 11:00:53 Rudi Ahlers wrote:
Hi all,
Which ports do I need to have open on an NFS client's firewall to allow it to connect to a remote NFS server?
When I disable iptables (using ConfigServerFirewall), it connects fine, but as soon as I enable it, NFS gives me this error:

root@saturn:[~]$ mount master1.mydomain.co.za:/saturn /bck
mount: mount to NFS server 'master1.mydomain.co.za' failed: RPC Error: Unable to send.

I have added ports 111 & 2049 in both the TCP & UDP ingress & egress ranges, but that doesn't seem to help. portmap & nfs are running as well. But as I say, as soon as I disable the firewall, it mounts fine.
Google search results reveal a lot of different ports, like 4000:4004, 83xxxx (something, I forgot) but it still doesn't help.
root@saturn:[~]$ rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100021    1   udp  48996  nlockmgr
    100021    3   udp  48996  nlockmgr
    100021    4   udp  48996  nlockmgr
    100021    1   tcp  47195  nlockmgr
    100021    3   tcp  47195  nlockmgr
    100021    4   tcp  47195  nlockmgr
    100011    1   udp   4004  rquotad
    100011    2   udp   4004  rquotad
    100011    1   tcp   4004  rquotad
    100011    2   tcp   4004  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    1   udp   4003  mountd
    100005    1   tcp   4003  mountd
    100005    2   udp   4003  mountd
    100005    2   tcp   4003  mountd
    100005    3   udp   4003  mountd
    100005    3   tcp   4003  mountd

Hi,
NFS by default uses random high numbered ports. See "48996 nlockmgr" above. You need to tie them down to allow them through your firewall.
Create the following file /etc/sysconfig/nfs:

#/etc/sysconfig/nfs
# Created 05.07.05 by Tony Molloy

# Number of NFS threads to run
RPCNFSDCOUNT=48

# ports for statd daemon
STATD_PORT=4000
STATD_OUTGOING_PORT=4004

# ports for lockd daemon
LOCKD_TCPPORT=4001
LOCKD_UDPPORT=4001

# ports for mountd daemon
#MOUNTD_NFS_V2=no
#MOUNTD_NFS_V3=no
MOUNTD_PORT=4002

# ports for rquota daemon
#RQUOTAD=no
RQUOTAD_PORT=4003

Then open ports 4000:4004 in your firewall, as well as port 111, the portmapper, and port 2049 for NFS.
Hope this helps,
Tony
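
One way to check that the RPC services really are pinned, as an added example that is not part of the original messages: the function below reads rpcinfo -p output and lists every service registered on a port outside 111, 2049 and 4000:4004. The function names are made up for this example, and the sample lines are a subset of the rpcinfo output quoted above.

```shell
#!/bin/sh
# Added example: find RPC services on ports the firewall rules would not cover.
# Allowed set follows the reply above: 111 (portmapper), 2049 (nfs), 4000-4004.

# unpinned_rpc_ports (hypothetical name): reads `rpcinfo -p` output on stdin
# and prints "service proto port" once per registration outside the allowed set.
unpinned_rpc_ports() {
    awk '
        # Data rows start with a numeric program id; this skips the header row.
        $1 ~ /^[0-9]+$/ && NF >= 5 {
            port = $4 + 0
            if (port == 111 || port == 2049 || (port >= 4000 && port <= 4004))
                next
            key = $5 " " $3 " " port
            # rpcinfo lists one row per protocol version; report each port once.
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    '
}

# sample_rpcinfo (hypothetical name): subset of the output quoted in the thread,
# embedded so the example runs without an NFS host.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100021    1   udp  48996  nlockmgr
    100021    3   udp  48996  nlockmgr
    100021    1   tcp  47195  nlockmgr
    100011    1   udp   4004  rquotad
    100003    3   tcp   2049  nfs
    100005    3   tcp   4003  mountd
EOF
}

# On a live host: rpcinfo -p | unpinned_rpc_ports
sample_rpcinfo | unpinned_rpc_ports
```

Empty output after restarting the NFS services means every registered port falls inside the range opened in the firewall.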