[CentOS] NFS client firewall config?

Thu Feb 18 21:43:28 UTC 2010
Rudi Ahlers <rudiahlers at gmail.com>

On Thu, Feb 18, 2010 at 1:11 PM, Tony Molloy <tony.molloy at ul.ie> wrote:

> On Thursday 18 February 2010 11:00:53 Rudi Ahlers wrote:
> > Hi all,
> >
> > Which ports do I need to have open on an NFS client's firewall to allow
> > it to connect to a remote NFS server?
> >
> > When I disable iptables (using ConfigServerFirewall), it connects fine,
> > but as soon as I enable it, NFS gives me this error:
> > root at saturn:[~]$ mount master1.mydomain.co.za:/saturn /bck
> > mount: mount to NFS server 'master1.mydomain.co.za' failed: RPC Error:
> > Unable to send.
> >
> > I have added ports 111 & 2049 in both the TCP & UDP ingress & egress
> > ranges, but that doesn't seem to help. portmap & nfs are running as well.
> > But as I say, as soon as I disable the firewall, it mounts fine.
> >
> > Google search results reveal a lot of different ports, like 4000:4004,
> > 83xxxx (something, I forgot) but it still doesn't help.
> >
> >
> > root at saturn:[~]$ rpcinfo -p
> >    program vers proto   port
> >     100000    2   tcp    111  portmapper
> >     100000    2   udp    111  portmapper
> >     100021    1   udp  48996  nlockmgr
> >     100021    3   udp  48996  nlockmgr
> >     100021    4   udp  48996  nlockmgr
> >     100021    1   tcp  47195  nlockmgr
> >     100021    3   tcp  47195  nlockmgr
> >     100021    4   tcp  47195  nlockmgr
> >     100011    1   udp   4004  rquotad
> >     100011    2   udp   4004  rquotad
> >     100011    1   tcp   4004  rquotad
> >     100011    2   tcp   4004  rquotad
> >     100003    2   udp   2049  nfs
> >     100003    3   udp   2049  nfs
> >     100003    4   udp   2049  nfs
> >     100003    2   tcp   2049  nfs
> >     100003    3   tcp   2049  nfs
> >     100003    4   tcp   2049  nfs
> >     100005    1   udp   4003  mountd
> >     100005    1   tcp   4003  mountd
> >     100005    2   udp   4003  mountd
> >     100005    2   tcp   4003  mountd
> >     100005    3   udp   4003  mountd
> >     100005    3   tcp   4003  mountd
> >
>
> Hi,
>
> NFS by default uses random high numbered ports. See "48996  nlockmgr"
> above.
> You need to tie them down to allow them through your firewall
>
> Create the following file /etc/sysconfig/nfs
>
> #/etc/sysconfig/nfs
> # Created 05.07.05 by Tony Molloy
>
> # Number of NFS threads to run
> RPCNFSDCOUNT=48
>
> # ports for statd daemon
> STATD_PORT=4000
> STATD_OUTGOING_PORT=4004
>
> # ports for lockd daemon
> LOCKD_TCPPORT=4001
> LOCKD_UDPPORT=4001
>
> # ports for mountd daemon
> #MOUNTD_NFS_V2=no
> #MOUNTD_NFS_V3=no
> MOUNTD_PORT=4002
>
> # ports for rquota daemon
> #RQUOTAD=no
> RQUOTAD_PORT=4003
>
>
> Then open ports 4000:4004 in your firewall as well as port 111 for the
> portmapper and port 2049 for NFS.
>
> Hope this helps,
>
> Tony
>
>
> --
>
> Chief Technical Officer.                   Tel: +353 061-202778
> Dept. of Comp. Sci.
> University of Limerick.
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>


Thanx, this solved the problem :)

-- 
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532
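As an added example (not part of the thread, and not CentOS or ConfigServerFirewall tooling), the shell script below turns Tony's port plan into something checkable: it parses `rpcinfo -p` output and reports any RPC service still registered outside the ports the firewall is meant to allow (111, 2049, 4000-4004), and prints iptables rules for those ports scoped to the NFS server's address rather than open to everyone. The two `rpcinfo -p` listings are constructed samples modelled on the thread (before pinning, and as it would look once the pinned `/etc/sysconfig/nfs` is in effect; statd registers as program 100024 `status`), and `192.0.2.10` is a hypothetical server address.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the port plan discussed there:
# 111 (portmapper), 2049 (nfs) and 4000-4004 pinned via /etc/sysconfig/nfs.

ALLOWED_PORTS="111 2049 4000 4001 4002 4003 4004"

# Constructed `rpcinfo -p` output modelled on the thread's listing before pinning:
# nlockmgr still sits on random high ports.
SAMPLE_BEFORE='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100021    4   udp  48996  nlockmgr
    100021    4   tcp  47195  nlockmgr
    100011    2   udp   4004  rquotad
    100003    3   tcp   2049  nfs
    100005    3   tcp   4003  mountd'

# Constructed output as it would look after the pinned /etc/sysconfig/nfs is in effect.
SAMPLE_AFTER='   program vers proto   port
    100000    2   tcp    111  portmapper
    100024    1   udp   4000  status
    100021    4   udp   4001  nlockmgr
    100021    4   tcp   4001  nlockmgr
    100005    3   tcp   4002  mountd
    100011    2   udp   4003  rquotad
    100003    3   tcp   2049  nfs'

# unpinned_services: read `rpcinfo -p` text on stdin and print "proto/port service"
# for every registration whose port is outside ALLOWED_PORTS. Exits 0 when every
# service is on an allowed port, 1 otherwise, so it can gate a deployment script.
unpinned_services() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR > 1 && NF == 5 && !($4 in ok) { print $3 "/" $4 " " $5; found = 1 }
        END { exit found ? 1 : 0 }'
}

# nfs_client_rules: print iptables INPUT rules accepting the NFS-related ports only
# from the server address given as $1. On a client the inbound side matters for
# lockd/statd callbacks coming from the server; scoping with -s keeps the pinned
# ports closed to every other host. Rules are printed, not applied.
nfs_client_rules() {
    server="$1"
    for proto in tcp udp; do
        for port in 111 2049 4000:4004; do
            printf 'iptables -A INPUT -p %s -s %s --dport %s -j ACCEPT\n' \
                "$proto" "$server" "$port"
        done
    done
}

# Usage: run the check against the constructed samples, then print the rules for a
# hypothetical server. Against a real host:  rpcinfo -p | unpinned_services
printf '%s\n' "$SAMPLE_BEFORE" | unpinned_services || echo "before: unpinned services found"
printf '%s\n' "$SAMPLE_AFTER"  | unpinned_services && echo "after: all services on allowed ports"
nfs_client_rules 192.0.2.10
```

The check is worth running after every reboot of the server, since a daemon that ignores its `/etc/sysconfig/nfs` setting (or a typo in that file) silently lands back on a random high port and the mount then fails only once the firewall is enabled, exactly the symptom in the original question.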