[CentOS] firewall setup for nfs

Filipe Brandenburger filbranden at gmail.com
Tue Aug 4 14:33:01 UTC 2009


Hi,

On Tue, Aug 4, 2009 at 10:23, Jerry Geis <geisj at pagestation.com> wrote:
> Below is my firewall rules for iptables.
> Everything is working fine except for NFS.
> I cannot mount my drive.
> If I turn off iptables I can mount.

You also need to allow access to daemons such as rpc.mountd, rpc.lockd
and rpc.statd, but the problem is that by default those listen on random
TCP ports. They can be fixed with configuration in /etc/sysconfig/nfs.

This is the /etc/sysconfig/nfs I am using on an NFS server behind a firewall:

LOCKD_TCPPORT=2050
LOCKD_UDPPORT=2050
RQUOTAD_PORT=2051
MOUNTD_PORT=2052
STATD_PORT=2053
STATD_OUTGOING_PORT=2054

And then my iptables rules:

iptables -A FORWARD ... -p tcp -m multiport --dports 111,2049:2054
iptables -A FORWARD ... -p udp -m multiport --dports 111,2049:2054

It works well for me.

I believe some of those (like STATD_OUTGOING_PORT) should really be
set on the client, so I'm not 100% sure that this is the exact
configuration you need, but as I said, it works for me, so I'm fine
with it.

HTH,
Filipe
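Added example (not part of Filipe's message or of the NFS packages): a POSIX sh check that parses `rpcinfo -p` output and flags every registered RPC service whose port falls outside the 111,2049:2054 set that the rules above open, so you can confirm the pinned ports in /etc/sysconfig/nfs took effect before trusting the firewall rule. Both rpcinfo samples below are constructed; on a real host you would feed the function `rpcinfo -p` output instead.

```shell
#!/bin/sh
# Constructed `rpcinfo -p` output from a host with the pinned ports applied.
SAMPLE_PINNED='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp   2052  mountd
    100005    1   tcp   2052  mountd
    100003    2   tcp   2049  nfs
    100021    1   udp   2050  nlockmgr
    100024    1   tcp   2053  status
    100011    1   udp   2051  rquotad'

# Constructed output from a host still using the default random ports.
SAMPLE_UNPINNED='   program vers proto   port
    100000    2   tcp    111  portmapper
    100003    2   tcp   2049  nfs
    100005    1   udp  32768  mountd
    100005    1   tcp  32768  mountd
    100024    1   udp    832  status'

# Ports the FORWARD rules in the post open: 111 plus the 2049-2054 range.
ALLOWED_MIN=2049
ALLOWED_MAX=2054

# port_allowed PORT: succeeds if PORT is reachable through those rules.
port_allowed() {
    [ "$1" -eq 111 ] && return 0
    [ "$1" -ge "$ALLOWED_MIN" ] && [ "$1" -le "$ALLOWED_MAX" ]
}

# blocked_services "<rpcinfo -p output>": prints "service proto/port" for
# each registration the firewall would drop. Skips the header and any line
# without a numeric port so a malformed line cannot break the test.
blocked_services() {
    printf '%s\n' "$1" |
    awk 'NR > 1 && NF >= 5 && $4 ~ /^[0-9]+$/ { print $3, $4, $5 }' |
    while read -r proto port svc; do
        port_allowed "$port" || echo "$svc $proto/$port"
    done
}

# check_rpcinfo "<rpcinfo -p output>": returns 0 when every service is
# covered by the opened ports, 1 (and a report) otherwise.
check_rpcinfo() {
    blocked=$(blocked_services "$1")
    if [ -n "$blocked" ]; then
        printf 'Not covered by 111,2049:2054:\n%s\n' "$blocked"
        return 1
    fi
    echo "All registered RPC services fall inside the opened ports."
    return 0
}
```

Run it as `check_rpcinfo "$(rpcinfo -p)"` on the NFS server; a non-zero exit means a helper daemon is still on a random port and mounts will hang once the firewall is enabled.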


