[CentOS] firewalled NFS
Jay Leafey
jay.leafey at mindless.com
Tue Jun 3 23:53:10 UTC 2008
Jordi Prats wrote:
> Hi,
> I'm trying to set up a firewalled NFS server. I've configured my server
> (CentOS 5) using the following parameters
> /etc/sysconfig/nfs
> MOUNTD_NFS_V1="no"
> MOUNTD_NFS_V2="no"
> RQUOTAD_PORT=875
> LOCKD_TCPPORT=32803
> LOCKD_UDPPORT=32769
> RPCNFSDCOUNT=64
> MOUNTD_PORT=892
> STATD_PORT=662
> STATD_OUTGOING_PORT=2020
> SECURE_NFS="yes"
>
>
> modprobe.conf:
> options lockd nlm_udpport=4001 nlm_tcpport=4001
>
>
> But it does not mount it:
> # mount 172.20.0.150:/tmp/ /mnt/tmp/
> mount: mount to NFS server '172.20.0.150' failed: timed out (giving up).
>
> Is there anything else I must set up to use fixed ports?
>
> Thanks,
It may be an obvious question, but did you open the ports in iptables?
I use a similar scheme on my NFS servers to "fix" the ports and it just
doesn't work at ALL unless those ports are opened up in iptables. I use
different ports, but here are the lines I inserted into my
/etc/sysconfig/iptables file to get NFS working on the server:
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp -s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
You'll have to alter the '--dports' and '-s' parameters to match the
ports and IP address range you are using.
Hope that helps!
--
Jay Leafey - Memphis, TN
jay.leafey at mindless.com
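
Added example, not part of the original message: a Python check that compares the inbound ports pinned in /etc/sysconfig/nfs and the lockd options in modprobe.conf against the ACCEPT rules in an iptables file. The function names are hypothetical, the sample input is built from the values quoted in this thread, and the check reads only --dport/--dports, ignoring -s and rule order.

```python
import re

# Inbound ports every NFS server needs: portmapper (111) and nfsd (2049).
BASE = {111, 2049}
# /etc/sysconfig/nfs keys that pin an inbound listener -> protocols used.
# STATD_OUTGOING_PORT is a source port, so it needs no inbound rule.
SYSCONFIG_KEYS = {
    "RQUOTAD_PORT": ("tcp", "udp"), "MOUNTD_PORT": ("tcp", "udp"),
    "STATD_PORT": ("tcp", "udp"),
    "LOCKD_TCPPORT": ("tcp",), "LOCKD_UDPPORT": ("udp",),
}

def required_ports(sysconfig_text, modprobe_text=""):
    need = {"tcp": set(BASE), "udp": set(BASE)}
    for key, value in re.findall(r'^\s*(\w+)="?(\d+)"?\s*$', sysconfig_text, re.M):
        for proto in SYSCONFIG_KEYS.get(key, ()):
            need[proto].add(int(value))
    # Assumption: a lockd port named in either file may be the live one,
    # so both are treated as required.
    for proto, value in re.findall(r"\bnlm_(tcp|udp)port=(\d+)", modprobe_text):
        need[proto].add(int(value))
    return need

def allowed_ports(iptables_text):
    # Only ACCEPT rules with --dport/--dports are read; -s and rule order are ignored.
    allowed = {"tcp": set(), "udp": set()}
    for line in iptables_text.splitlines():
        proto = re.search(r"-p\s+(tcp|udp)\b", line)
        ports = re.search(r"--dports?\s+([\d,:]+)", line)
        if not (line.strip().startswith("-A") and "-j ACCEPT" in line and proto and ports):
            continue
        for item in ports.group(1).split(","):
            lo, _, hi = item.partition(":")
            allowed[proto.group(1)].update(range(int(lo), int(hi or lo) + 1))
    return allowed

def missing_ports(sysconfig_text, modprobe_text, iptables_text):
    need, ok = required_ports(sysconfig_text, modprobe_text), allowed_ports(iptables_text)
    return {proto: sorted(need[proto] - ok[proto]) for proto in need}

# Sample input built from the values quoted in this thread.
NFS_CONF = "RQUOTAD_PORT=875\nLOCKD_TCPPORT=32803\nLOCKD_UDPPORT=32769\nMOUNTD_PORT=892\nSTATD_PORT=662\nSTATD_OUTGOING_PORT=2020\n"
MODPROBE = "options lockd nlm_udpport=4001 nlm_tcpport=4001\n"
RULES = "\n".join(
    f"-A RH-Firewall-1-INPUT -m state --state NEW -m {p} -m multiport -p {p} "
    "-s 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT"
    for p in ("tcp", "udp"))

if __name__ == "__main__":
    for proto, ports in missing_ports(NFS_CONF, MODPROBE, RULES).items():
        print(proto, "not opened:", ports)
```

On a real server, pass the contents of /etc/sysconfig/nfs, /etc/modprobe.conf and /etc/sysconfig/iptables to `missing_ports` in place of the sample strings.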