On Sat, 2006-09-30 at 20:18 -0400, Jim Perrin wrote: > > In the file /etc/sysconfig/iptables are the lines: > > -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 > > -j ACCEPT > > -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 > > -j ACCEPT > > > > and there are not any deny lines above these. I think those lines were > > added when I ran system-config-securitylevel-tui. Those are the only > > lines that I can find that mention port 2049 or nfs. > These lines accept NEW connections. If the connection lags/times out > but does not start again as 'new', it may be blocked. You should > consider just allowing 2049 from a particular subnet, without other > constraints on the packets. > > NFS is also a bit like ftp, and likes to play with random ports, which > tend to make firewalls angry. You'll want something in > /etc/sysconfig/nfs like the following: > > STATD_PORT=4000 > STATD_OUTGOING_PORT=4004 > LOCKD_TCPPORT=4001 > LOCKD_UDPPORT=4001 > MOUNTD_PORT=4002 > > Obviously you'll need to salt this to taste, and ensure that ports > 4000:4004 are open (in this example) as well in your firewall. Jim, Thanks for the information. Unfortunately, I tried this (and I thought I did it right) and I am still having the same firewall problem. Evidently, I am still doing something wrong. Since I haven't done this before, I am sure that I am missing something, but at this point, I am not sure what. I added the /etc/sysconfig/nfs file with your lines (it wasn't there before). I changed the /etc/sysconfig/iptables to point to ports 4000:4004 instead of 2049 for both TCP and UDP. I left the rest of those lines, and everything else, in iptables the same. After making the changes, I have restarted the nfs, nfslock and iptables services. I also did an exportfs -ra after making the changes. Not sure what else to do at this point. -- Doug Registered Linux User #285548 (http://counter.li.org) ---------------------------------------- Random Thought: QOTD: "When she hauled ass, it took three trips."