of course... On Wed, Jun 4, 2008 at 8:28 PM, mouss <mouss at netoyen.net> wrote: > Jordi Prats wrote: >> >> I've no iptables, I'm using a PIX to firewall them :) >> > > did you open the ports on the pix? > >> On Wed, Jun 4, 2008 at 1:53 AM, Jay Leafey <jay.leafey at mindless.com> >> wrote: >> >>> >>> Jordi Prats wrote: >>> >>>> >>>> Hi, >>>> I'm trying to setup a firewalled NFS server. I've configured my server >>>> (CentOS 5) using the following parameters >>>> /etc/sysconfig/nfs >>>> MOUNTD_NFS_V1="no" >>>> MOUNTD_NFS_V2="no" >>>> RQUOTAD_PORT=875 >>>> LOCKD_TCPPORT=32803 >>>> LOCKD_UDPPORT=32769 >>>> RPCNFSDCOUNT=64 >>>> MOUNTD_PORT=892 >>>> STATD_PORT=662 >>>> STATD_OUTGOING_PORT=2020 >>>> SECURE_NFS="yes" >>>> >>>> >>>> modprobe.conf: >>>> options lockd nlm_udpport=4001 nlm_tcpport=4001 >>>> >>>> >>>> But it does not mount it: >>>> # mount 172.20.0.150:/tmp/ /mnt/tmp/ >>>> mount: mount to NFS server '172.20.0.150' failed: timed out (giving up). >>>> >>>> There's anything else I must setup to use fixed ports ? >>>> >>>> Thanks, >>>> >>> >>> It may be an obvious question, but did you open the ports in iptables? I >>> use >>> a similar scheme on my NFS servers to "fix" the ports and it just doesn't >>> work at ALL unless those ports are opened up in iptables. I use >>> different >>> ports, but here's the lines I inserted into my /etc/sysconfig/iptables >>> file >>> to get NFS working on the server: >>> >>> >>>> >>>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -m multiport -p tcp >>>> -s >>>> 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT >>>> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -m multiport -p udp >>>> -s >>>> 192.168.1.0/24 --dports 111,2049,4000,4001,4002,4003 -j ACCEPT >>>> >>> >>> You'll have to alter the '--dports' and '-s' parameters to match the >>> ports >>> and IP address range you are using. >>> >>> Hope that helps! >>> -- >>> Jay Leafey - Memphis, TN >>> jay.leafey at mindless.com >>> >>> _______________________________________________ >>> CentOS mailing list >>> CentOS at centos.org >>> http://lists.centos.org/mailman/listinfo/centos >>> >>> >>> >> >> >> >> > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > -- Jordi