I've no iptables, I'm using a PIX to firewall them :) On Wed, Jun 4, 2008 at 1:53 AM, Jay Leafey <jay.leafey at mindless.com> wrote: > Jordi Prats wrote: >> >> Hi, >> I'm trying to setup a firewalled NFS server. I've configured my server >> (CentOS 5) using the following parameters >> /etc/sysconfig/nfs >> MOUNTD_NFS_V1="no" >> MOUNTD_NFS_V2="no" >> RQUOTAD_PORT=875 >> LOCKD_TCPPORT=32803 >> LOCKD_UDPPORT=32769 >> RPCNFSDCOUNT=64 >> MOUNTD_PORT=892 >> STATD_PORT=662 >> STATD_OUTGOING_PORT=2020 >> SECURE_NFS="yes" >> >> >> modprobe.conf: >> options lockd nlm_udpport=4001 nlm_tcpport=4001 >> >> >> But it does not mount it: >> # mount 172.20.0.150:/tmp/ /mnt/tmp/ >> mount: mount to NFS server '172.20.0.150' failed: timed out (giving up). >> >> There's anything else I must setup to use fixed ports ? >> >> Thanks, > > It may be an obvious question, but did you open the ports in iptables? I use > a similar scheme on my NFS servers to "fix" the ports and it just doesn't > work at ALL unless those ports are opened up in iptables. I use different > ports, but here's the lines I inserted into my /etc/sysconfig/iptables file > to get NFS working on the server: > >> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp -s >> 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT >> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp -s >> 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT > > You'll have to alter the '--dports' and '-s' parameters to match the ports > and IP address range you are using. > > Hope that helps! > -- > Jay Leafey - Memphis, TN > jay.leafey at mindless.com > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > > -- Jordi