[CentOS] firewall issue

Sun Oct 1 00:18:32 UTC 2006
Jim Perrin <jperrin at gmail.com>

> My problem is that I am not sure how to resolve this. I have not done
> any configuration with iptables before. In the
> file /etc/sysconfig/iptables are the lines:
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
>
> and there are not any deny lines above these. I think those lines were
> added when I ran system-config-securitylevel-tui. Those are the only
> lines that I can find that mention port 2049 or nfs.
>
> Those lines look to me like they are for accepting incoming connections
> only. Is that correct?
>
> What do I need to do so that I can do the nfs export out of this box?

These lines accept NEW connections. If the connection lags/times out
but does not start again as 'new', it may be blocked. You should
consider just allowing 2049 from a particular subnet, without other
constraints on the packets.

NFS is also a bit like ftp, and likes to play with random ports, which
tend to make firewalls angry. You'll want something in
/etc/sysconfig/nfs like the following:

STATD_PORT=4000
STATD_OUTGOING_PORT=4004
LOCKD_TCPPORT=4001
LOCKD_UDPPORT=4001
MOUNTD_PORT=4002

Obviously you'll need to salt this to taste, and ensure that ports
4000:4004 are open (in this example) as well in your firewall.


-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
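As an added example (not code from Jim's reply or from any CentOS package), a small shell script that reads the pinned ports from /etc/sysconfig/nfs-style text and emits the matching RH-Firewall-1-INPUT rules restricted to one client subnet, with no state match, as the reply recommends. The client subnet 192.168.1.0/24 and the extra rpcbind/portmap rule on port 111 are assumptions not taken from the thread.

```shell
#!/bin/sh
# Added example, not code from the original post: turn a /etc/sysconfig/nfs
# style port pinning into RH-Firewall-1-INPUT rules for one client subnet.

# Constructed sample of /etc/sysconfig/nfs, using the values from the reply.
NFS_SYSCONFIG='STATD_PORT=4000
STATD_OUTGOING_PORT=4004
LOCKD_TCPPORT=4001
LOCKD_UDPPORT=4001
MOUNTD_PORT=4002'

# Read config text on stdin and print "lowest:highest" of the pinned ports,
# so the firewall range follows whatever values the admin actually chose.
pinned_port_range() {
    grep -E '^(STATD|LOCKD|MOUNTD)[A-Z_]*=[0-9]+$' | cut -d= -f2 | sort -n \
      | awk 'NR == 1 { lo = $1 } { hi = $1 } END { print lo ":" hi }'
}

# Emit rules in /etc/sysconfig/iptables syntax: NFS (2049), the pinned range
# and rpcbind/portmap (111, assumed; NFSv3 clients need it to find mountd),
# each restricted to the client subnet and without "-m state --state NEW".
nfs_rules() {
    subnet="$1"   # client subnet, e.g. 192.168.1.0/24 (assumption)
    range="$2"    # pinned port range, e.g. 4000:4004
    chain='-A RH-Firewall-1-INPUT'
    for proto in tcp udp; do
        for dport in 111 2049 "$range"; do
            printf '%s -s %s -p %s -m %s --dport %s -j ACCEPT\n' \
                "$chain" "$subnet" "$proto" "$proto" "$dport"
        done
    done
}

# Succeed only if none of the rules read on stdin still carries a state match.
rules_are_stateless() {
    ! grep -q -- '--state'
}

# Stand-alone run: print the range and the rules for the constructed subnet.
RANGE=$(printf '%s\n' "$NFS_SYSCONFIG" | pinned_port_range)
echo "pinned range: $RANGE"
nfs_rules 192.168.1.0/24 "$RANGE"
```

The printed rules are meant to be pasted above the existing 2049 lines in /etc/sysconfig/iptables; the pinned range must match what the NFS daemons were actually restarted with.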