Hi,

you also need to add portmapper ( port 110 ) and lock the following ports
to prevent portmapper from assigning random ports.

Uncomment the following in /etc/sysconfig/nfs and make sure the portmapper
is restarted.

RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662

Choose ports as you like and add them in the firewall.

With kind regards,

Bob Tito

On 04-08-09 16:23, Jerry Geis <geisj at pagestation.com> wrote:

> Below are my firewall rules for iptables.
> Everything is working fine except for NFS.
> I cannot mount my drive.
>
> If I turn off iptables I can mount.
>
> Looking at this:
> http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-nfs.html
>
> Important
> In order for NFS to work with a default installation of Red Hat Enterprise
> Linux with a firewall enabled, IPTables with the default TCP port 2049 must be
> configured. Without proper IPTables configuration, NFS does not function
> properly.
>
> The NFS initialization script and rpc.nfsd process now allow binding to any
> specified port during system start up. However, this can be error prone if the
> port is unavailable or conflicts with another daemon.
>
> I have port 2049 listed in my iptables.
>
> Is there a reason I cannot mount?
> thanks,
>
> Jerry
>
> ------------------------------
>
> # Firewall configuration written by system-config-securitylevel
> # Manual customization of this file is not recommended.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 69 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6540 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6500 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6510 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6520 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5060 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5036 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 4569 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 1720 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 4520 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5900 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5900 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2000 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2000 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 5353 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5353 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6544 -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
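
The check described in the reply above, as an added example that is not part of either poster's message: it compares what is registered with portmapper against the ACCEPT rules and prints the rules still needed. The `rpcinfo -p` listing and the rules excerpt are constructed samples using the ports named in the thread, and the function names `missing_rpc_ports` and `rules_to_add` are hypothetical.

```shell
# Added example: list RPC services registered with portmapper that the
# firewall would still reject. Constructed `rpcinfo -p` listing follows.
RPCINFO_SAMPLE='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp    875  rquotad
    100003    3   tcp   2049  nfs
    100021    4   udp  32769  nlockmgr
    100021    4   tcp  32803  nlockmgr
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
    100024    1   udp    662  status
    100024    1   tcp    662  status'

# Constructed excerpt of the quoted ruleset: of the NFS ports only 2049 is open.
RULES_SAMPLE='-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# missing_rpc_ports RPCINFO_TEXT RULES_TEXT
# Prints "proto/port service" for each registration with no matching ACCEPT rule.
missing_rpc_ports() {
  printf '%s\n' "$2" '--' "$1" | awk '
    $0 == "--" { in_rpc = 1; next }          # separator: rules end, rpcinfo begins
    !in_rpc && $NF == "ACCEPT" {             # collect proto/port of ACCEPT rules
      proto = ""; port = ""
      for (i = 1; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
      }
      if (proto != "" && port != "") allowed[proto "/" port] = 1
    }
    in_rpc && $4 ~ /^[0-9]+$/ {              # rpcinfo rows (header has no numeric port)
      key = $3 "/" $4
      if (!(key in allowed) && !(key in seen)) { seen[key] = 1; print key, $5 }
    }'
}

# rules_to_add RPCINFO_TEXT RULES_TEXT: ACCEPT rules in the quoted chain's style.
rules_to_add() {
  missing_rpc_ports "$1" "$2" | while read -r key svc; do
    proto=${key%/*}; port=${key#*/}
    printf '%s\n' "-A RH-Firewall-1-INPUT -m state --state NEW -m $proto -p $proto --dport $port -j ACCEPT"
  done
}

rules_to_add "$RPCINFO_SAMPLE" "$RULES_SAMPLE"
```

The printed rules belong above the final REJECT line of the chain; on a live server, pass in real `rpcinfo -p` output and the contents of the iptables rules file instead of the samples.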