[CentOS] firewall setup for nfs
filbranden at gmail.com
Tue Aug 4 14:33:01 UTC 2009
On Tue, Aug 4, 2009 at 10:23, Jerry Geis <geisj at pagestation.com> wrote:
> Below are my firewall rules for iptables.
> Everything is working fine except for NFS.
> I cannot mount my drive.
> If I turn off iptables I can mount.
You also need to allow access to daemons such as rpc.mountd, rpc.lockd
and rpc.statd, but the problem is that by default those are on random
TCP ports. They can be fixed with configuration in /etc/sysconfig/nfs.
This is the /etc/sysconfig/nfs I am using on an NFS server behind a firewall:
And then my iptables rules:
iptables -A FORWARD ... -p tcp -m multiport --dports 111,2049:2054
iptables -A FORWARD ... -p udp -m multiport --dports 111,2049:2054
It works well for me.
I believe some of those (like STATD_OUTGOING_PORT) should really be
set on the client, so I'm not 100% sure that this is the exact
configuration you need, but as I said, it works for me, so I'm fine
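A check for the setup described in the message above, added here as an example and not part of the original post: it reads `rpcinfo -p` output and lists every RPC registration whose port falls outside 111 and 2049:2054, the ports the quoted iptables rules cover. The sample output and its port assignments are constructed, and the names `sample_rpcinfo` and `blocked_rpc_ports` are hypothetical.

```shell
#!/bin/sh
# Added example: find RPC services registered on ports the firewall rules
# from the post (--dports 111,2049:2054) do not cover.

ALLOWED_SINGLE=111   # portmapper
ALLOWED_LO=2049      # start of the range in the iptables rules
ALLOWED_HI=2054      # end of the range in the iptables rules

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
# Which daemon sits on which port inside the range is an assumption; here
# lockd/udp and statd/udp are left unpinned to show the failure case.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   tcp   2050  mountd
    100005    3   udp   2050  mountd
    100021    4   tcp   2052  nlockmgr
    100021    4   udp  41873  nlockmgr
    100024    1   tcp   2051  status
    100024    1   udp    789  status
EOF
}

# Reads `rpcinfo -p` output on stdin and prints "service/proto port" once
# for each registration outside the allowed ports. Empty output means every
# registered RPC port is covered by the rules.
blocked_rpc_ports() {
    awk -v lo="$ALLOWED_LO" -v hi="$ALLOWED_HI" -v single="$ALLOWED_SINGLE" '
        NF >= 4 && $4 ~ /^[0-9]+$/ {            # data rows only, skips header
            port = $4 + 0
            if (port == single + 0) next
            if (port >= lo + 0 && port <= hi + 0) next
            name = (NF >= 5) ? $5 : "prog-" $1  # service column may be absent
            key = name "/" $3 " " port
            if (!(key in seen)) { seen[key] = 1; print key }
        }'
}

# On a live NFS server: rpcinfo -p | blocked_rpc_ports
sample_rpcinfo | blocked_rpc_ports
```

Any line it prints is a daemon still on a port the rules do not open, which is the symptom in the quoted question: mounts fail with iptables on and work with it off.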