[CentOS] firewall setup for nfs
Filipe Brandenburger
filbranden at gmail.com
Tue Aug 4 14:33:01 UTC 2009

Hi,

On Tue, Aug 4, 2009 at 10:23, Jerry Geis <geisj at pagestation.com> wrote:
> Below are my firewall rules for iptables.
> everything is working fine except for NFS
> I cannot mount my drive.
> If I turn off iptables I can mount.

You need to also allow access to daemons such as rpc.mountd, rpc.lockd
and rpc.statd, but the problem is that by default those are on random
TCP ports. They can be fixed with configuration in /etc/sysconfig/nfs.

This is the /etc/sysconfig/nfs I am using on an NFS server behind a firewall:

LOCKD_TCPPORT=2050
LOCKD_UDPPORT=2050
RQUOTAD_PORT=2051
MOUNTD_PORT=2052
STATD_PORT=2053
STATD_OUTGOING_PORT=2054

And then my iptables rules:

iptables -A FORWARD ... -p tcp -m multiport --dports 111,2049:2054
iptables -A FORWARD ... -p udp -m multiport --dports 111,2049:2054

It works well for me.

I believe some of those (like STATD_OUTGOING_PORT) should really be
set on the client, so I'm not 100% sure that this is the exact
configuration you need, but as I said, it works for me, so I'm fine
with it.

HTH,
Filipe
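
A way to confirm that the pinned ports took effect, as an added example that is not part of the original post: it reads `rpcinfo -p` output and lists every RPC registration that falls outside the ports the multiport rule above allows (111 and 2049:2054). The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: find RPC services registered on ports that the
# firewall rule from the post (111,2049:2054) would not let through.

# Constructed sample of `rpcinfo -p` output, not captured from a real host.
# The status/udp line on 32768 stands for a daemon still on a dynamic port,
# e.g. one that was not restarted after /etc/sysconfig/nfs was edited.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp   2051  rquotad
    100003    3   tcp   2049  nfs
    100021    4   udp   2050  nlockmgr
    100021    4   tcp   2050  nlockmgr
    100005    3   tcp   2052  mountd
    100024    1   udp  32768  status
    100024    1   tcp   2053  status
EOF
}

# Reads `rpcinfo -p` output on stdin and prints "service/proto port"
# for each registration outside the allowed set. Prints nothing when
# every service is reachable through the firewall rule.
unreachable_rpc() {
    awk '$4 ~ /^[0-9]+$/ {
        port = $4 + 0
        # Some registrations carry no service name; fall back to the program number.
        name = (NF >= 5) ? $5 : "prog" $1
        if (port != 111 && (port < 2049 || port > 2054))
            print name "/" $3 " " port
    }' | sort -u
}

# On a real NFS server, run:  rpcinfo -p | unreachable_rpc
sample_rpcinfo | unreachable_rpc
```

Any line it prints names a daemon that clients behind the firewall cannot reach until its port is pinned and the service restarted.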