[CentOS] NFS client firewall config?

Thu Feb 18 20:22:44 UTC 2010
Agile Aspect <agile.aspect at gmail.com>

On Thu, Feb 18, 2010 at 3:00 AM, Rudi Ahlers <Rudi at softdux.com> wrote:
> Hi all,
> Which ports do I need to have open on an NFS client's firewall to allow it
> to connect to a remote NFS server?
> When I disable iptables (using ConfigServerFirewall), it connects fine, but
> as soon as I enable it, NFS gives me this error:
> root at saturn:[~]$ mount master1.mydomain.co.za:/saturn /bck
> mount: mount to NFS server 'master1.mydomain.co.za' failed: RPC Error:
> Unable to send.
> I have added ports 111 & 2049 in both the TCP & UDP ingress & egress ranges,
> but that doesn't seem to help. portmap & nfs are running as well. But as I
> say, as soon as I disable the firewall, it mounts fine.
> Google search results reveal a lot of different ports, like 4000:4004,
> 83xxxx (something, I forgot) but it still doesn't help.
>
> root at saturn:[~]$ rpcinfo -p
>    program vers proto   port
>     100000    2   tcp    111  portmapper
>     100000    2   udp    111  portmapper
>     100021    1   udp  48996  nlockmgr
>     100021    3   udp  48996  nlockmgr
>     100021    4   udp  48996  nlockmgr
>     100021    1   tcp  47195  nlockmgr
>     100021    3   tcp  47195  nlockmgr
>     100021    4   tcp  47195  nlockmgr
>     100011    1   udp   4004  rquotad
>     100011    2   udp   4004  rquotad
>     100011    1   tcp   4004  rquotad
>     100011    2   tcp   4004  rquotad
>     100003    2   udp   2049  nfs
>     100003    3   udp   2049  nfs
>     100003    4   udp   2049  nfs
>     100003    2   tcp   2049  nfs
>     100003    3   tcp   2049  nfs
>     100003    4   tcp   2049  nfs
>     100005    1   udp   4003  mountd
>     100005    1   tcp   4003  mountd
>     100005    2   udp   4003  mountd
>     100005    2   tcp   4003  mountd
>     100005    3   udp   4003  mountd
>     100005    3   tcp   4003  mountd
>
> --

I would strongly recommend using NFS4 if at all possible.

See Chapter 18 for NFS in general and 18.8 for security issues

  http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-nfs-security.html

-- 
      Enjoy global warming while it lasts.
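
Added example, not part of either message: a filter that reads `rpcinfo -p` output and lists the RPC services registered on ports outside a firewall allow list. The names `SAMPLE` and `uncovered_ports` are made up for this example, and `SAMPLE` is abridged from the output quoted above (one version per service).

```shell
#!/bin/sh
# Added example: compare `rpcinfo -p` output against a firewall allow list.
# SAMPLE is abridged from the rpcinfo output quoted in the thread.
SAMPLE='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100021    1   udp  48996  nlockmgr
    100021    1   tcp  47195  nlockmgr
    100011    1   udp   4004  rquotad
    100011    1   tcp   4004  rquotad
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    3   udp   4003  mountd
    100005    3   tcp   4003  mountd'

# uncovered_ports "<allowed ports, space separated>"
# Reads `rpcinfo -p` output on stdin and prints "service proto port" once
# for every registered port that is not in the allow list.
uncovered_ports() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Data rows start with a numeric program number; this skips the header.
        $1 ~ /^[0-9]+$/ && NF >= 5 {
            key = $5 " " $3 " " $4
            if (!($4 in ok) && !(key in seen)) {
                seen[key] = 1
                print key
            }
        }'
}

# The allow list from the question: ports 111 and 2049 only.
printf '%s\n' "$SAMPLE" | uncovered_ports "111 2049"
```

The same filter can be fed `rpcinfo -p <server>` to see which of the server's registered ports the client's egress rules do not yet cover.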