On Thursday 18 February 2010 11:23:43 Rudi Ahlers wrote:
> On Thu, Feb 18, 2010 at 1:11 PM, Tony Molloy <tony.molloy at ul.ie> wrote:
> > On Thursday 18 February 2010 11:00:53 Rudi Ahlers wrote:
> > > Hi all,
> > >
> > > Which ports do I need to have open on an NFS client's firewall to allow
> > > it to connect to a remote NFS server?
> > >
> > > When I disable iptables (using ConfigServerFirewall), it connects fine,
> > > but as soon as I enable it, NFS gives me this error:
> > > root at saturn:[~]$ mount master1.mydomain.co.za:/saturn /bck
> > > mount: mount to NFS server 'master1.mydomain.co.za' failed: RPC Error: Unable to send.
> > >
> > > I have added ports 111 & 2049 in both the TCP & UDP ingress & egress
> > > ranges, but that doesn't seem to help. portmap & nfs is running as
> > > well. But as I say, as soon as I disable the firewall, it mounts fine.
> > >
> > > Google search results reveal a lot of different ports, like 4000:4004,
> > > 83xxxx (something, I forgot) but it still doesn't help.
> > >
> > >
> > > root at saturn:[~]$ rpcinfo -p
> > >    program vers proto   port
> > >     100000    2   tcp    111  portmapper
> > >     100000    2   udp    111  portmapper
> > >     100021    1   udp  48996  nlockmgr
> > >     100021    3   udp  48996  nlockmgr
> > >     100021    4   udp  48996  nlockmgr
> > >     100021    1   tcp  47195  nlockmgr
> > >     100021    3   tcp  47195  nlockmgr
> > >     100021    4   tcp  47195  nlockmgr
> > >     100011    1   udp   4004  rquotad
> > >     100011    2   udp   4004  rquotad
> > >     100011    1   tcp   4004  rquotad
> > >     100011    2   tcp   4004  rquotad
> > >     100003    2   udp   2049  nfs
> > >     100003    3   udp   2049  nfs
> > >     100003    4   udp   2049  nfs
> > >     100003    2   tcp   2049  nfs
> > >     100003    3   tcp   2049  nfs
> > >     100003    4   tcp   2049  nfs
> > >     100005    1   udp   4003  mountd
> > >     100005    1   tcp   4003  mountd
> > >     100005    2   udp   4003  mountd
> > >     100005    2   tcp   4003  mountd
> > >     100005    3   udp   4003  mountd
> > >     100005    3   tcp   4003  mountd
> >
> > Hi,
> >
> > NFS by default uses random high numbered ports. See "48996 nlockmgr"
> > above.
> > You need to tie them down to allow them through your firewall
> >
> > Create the following file /etc/sysconfig/nfs
> >
> > #/etc/sysconfig/nfs
> > # Created 05.07.05 by Tony Molloy
> >
> > # Number of NFS threads to run
> > RPCNFSDCOUNT=48
> >
> > # ports for statd daemon
> > STATD_PORT=4000
> > STATD_OUTGOING_PORT=4004
> >
> > # ports for lockd daemon
> > LOCKD_TCPPORT=4001
> > LOCKD_UDPPORT=4001
> >
> > # ports for mountd daemon
> > #MOUNTD_NFS_V2=no
> > #MOUNTD_NFS_V3=no
> > MOUNTD_PORT=4002
> >
> > # ports for rquota daemon
> > #RQUOTAD=no
> > RQUOTAD_PORT=4003
> >
> >
> > Then open ports 4000:4004 in your firewall as well as port 111 the
> > portmapper and port 2049 for NFS
> >
> > Hope this helps,
> >
> > Tony
> >
> > --
> >
> > Chief Technical Officer.    Tel: +353 061-202778
> > Dept. of Comp. Sci.
> > University of Limerick.
>
> Hi Tony,
>
> Where do I do this? On the NFS server, or the NFS client?
>

Put the file on the NFS server and open the ports on the NFS server.

Then restart NFS services

# service nfs start
# service nfslock start

To make these permanent

# chkconfig --level 35 nfs on
# chkconfig --level 35 nfslock on

Check with rpcinfo that NFS is using the specified ports.

Tony

> 4 other NFS clients have connected to this server successfully, and I used
> the same settings (i.e. opened port 111 & 4096) on the client's firewall
>

--

Chief Technical Officer.    Tel: +353 061-202778
Dept. of Comp. Sci.
University of Limerick.
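
The "check with rpcinfo" step above can be scripted so the firewall stays enabled while you confirm the daemons are pinned. This is an added example, not part of the original message: the function names check_rpc_ports and sample_rpcinfo are hypothetical, the allow-list is the one given in the thread (111, 2049, 4000:4004), and the sample input is abridged from the rpcinfo output quoted in the thread.

```shell
#!/bin/sh
# Added example: list RPC registrations that fall outside the firewall
# allow-list from the thread: 111 (portmapper), 2049 (nfs) and 4000:4004
# (statd, lockd, mountd, rquotad once pinned in /etc/sysconfig/nfs).

# Reads `rpcinfo -p` output on stdin. Prints one "proto/port service" line
# for each registration the firewall would block (deduplicated across RPC
# versions) and returns 1 if any were found, 0 otherwise.
check_rpc_ports() {
    awk '
        $1 == "program" { next }   # header line
        NF < 5 { next }            # blank or malformed line
        {
            port = $4 + 0
            ok = (port == 111 || port == 2049 || (port >= 4000 && port <= 4004))
            key = $3 "/" port " " $5
            if (!ok && !(key in seen)) {
                seen[key] = 1
                print key
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample, abridged from the rpcinfo output quoted in the thread.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100021    1   udp  48996  nlockmgr
    100021    3   udp  48996  nlockmgr
    100021    1   tcp  47195  nlockmgr
    100011    1   udp   4004  rquotad
    100003    3   tcp   2049  nfs
    100005    3   tcp   4003  mountd
EOF
}

# Stand-alone run on the sample; on a real host use: rpcinfo -p | check_rpc_ports
sample_rpcinfo | check_rpc_ports || echo "registrations above are outside the allow-list"
```

An empty result after restarting the NFS services means every registered daemon sits on a port the firewall rules cover; any line printed names a daemon still on a random high port.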