[CentOS] firewalled NFS

Jay Leafey jay.leafey at mindless.com
Tue Jun 3 23:53:10 UTC 2008

Jordi Prats wrote:
> Hi,
> I'm trying to set up a firewalled NFS server. I've configured my server
> (CentOS 5) using the following parameters
> /etc/sysconfig/nfs
> MOUNTD_NFS_V1="no"
> MOUNTD_NFS_V2="no"
> SECURE_NFS="yes"
> modprobe.conf:
> options lockd nlm_udpport=4001 nlm_tcpport=4001
> But it does not mount it:
> # mount /mnt/tmp/
> mount: mount to NFS server '' failed: timed out (giving up).
> Is there anything else I must set up to use fixed ports?
> Thanks,

It may be an obvious question, but did you open the ports in iptables?
I use a similar scheme on my NFS servers to "fix" the ports and it just
doesn't work at ALL unless those ports are opened up in iptables. I use
different ports, but here are the lines I inserted into my
/etc/sysconfig/iptables file to get NFS working on the server:

> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp -s --dports 111,2049,4000,4001,4002,4003 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp -s --dports 111,2049,4000,4001,4002,4003 -j ACCEPT

You'll have to alter the '--dports' and '-s' parameters to match the 
ports and IP address range you are using.

Hope that helps!
Jay Leafey - Memphis, TN
jay.leafey at mindless.com
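
An added example, not part of the original message: a shell function that compares the ports registered with the portmapper (`rpcinfo -p` output) against the `--dports` list from the rules above and prints every RPC service listening on a port the firewall does not cover. The sample `rpcinfo -p` output is constructed, with lockd pinned to 4001 as in the question and statd and mountd on made-up dynamic ports (961 and 783).

```shell
#!/bin/sh
# Added example, not from the original thread: list RPC services that are
# registered on ports the firewall rule does not cover.
# Real use: rpcinfo -p | unopened_rpc_ports 111,2049,4000,4001,4002,4003

unopened_rpc_ports() {
    # $1 = comma-separated ports opened with --dports; rpcinfo -p on stdin
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Data rows: program vers proto port [service]; header row is skipped
        $1 ~ /^[0-9]+$/ && NF >= 4 {
            name = (NF >= 5) ? $5 : $1
            key = name "/" $3 " " $4
            # Report each service/proto/port once, whatever the version count
            if (!($4 in ok) && !(key in seen)) {
                seen[key] = 1
                print key
            }
        }
    '
}

# Constructed sample of rpcinfo -p output: lockd pinned to 4001 as in the
# question, statd (961) and mountd (783) left on made-up dynamic ports.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    961  status
    100024    1   tcp    961  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    3   udp   4001  nlockmgr
    100021    4   udp   4001  nlockmgr
    100021    3   tcp   4001  nlockmgr
    100021    4   tcp   4001  nlockmgr
    100005    3   udp    783  mountd
    100005    3   tcp    783  mountd
EOF
}

sample_rpcinfo | unopened_rpc_ports "111,2049,4000,4001,4002,4003"
```

Any service this prints has to be given a fixed port and that port added to the rule before clients behind the firewall can reach it; on CentOS 5 the `MOUNTD_PORT` and `STATD_PORT` settings in /etc/sysconfig/nfs do that for mountd and statd.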