I've got a newly installed Centos 5.0 box, planned to replace an ageing server
(solaris box). I've set up the nfs shares, but the other solaris boxes
won't mount them, unless I turn off iptables on the Centos box. If I do that,
they mount, and all operations tested to date work fine.

Iptables is allowing the 2049 tcp and udp ports already. What else needs to
be opened up in iptables for nfs to work through the firewall?

I looked at the RHEL system admin guide on NFS and found nothing useful.

thanks,
-chuck

On Thu, Sep 13, 2007 at 03:22:39PM -0500, Chuck Campbell enlightened us:
> I've got a newly installed Centos 5.0 box, planned to replace an ageing server
> (solaris box). I've set up the nfs shares, but the other solaris boxes
> won't mount them, unless I turn off iptables on the Centos box. If I do that,
> they mount, and all operations tested to date work fine.
>
> Iptables is allowing the 2049 tcp and udp ports already. What else needs to
> be opened up in iptables for nfs to work through the firewall?
>
> I looked at the RHEL system admin guide on NFS and found nothing useful.
>

I set the following in /etc/sysconfig/nfs (probably doesn't exist):

STATD_PORT=4000
LOCKD_TCPPORT=4001
LOCKD_UDPPORT=4001
MOUNTD_PORT=4002

Then in iptables, I allow 4000-4002 on both TCP and UDP. I'm not positive
which protocol STATD and MOUNTD use - possibly both, but it seems to work for
me (along with allowing 2049 through).

Matt

--
Matt Hyclak
Department of Mathematics
Department of Social Work
Ohio University
(740) 593-1263

Chuck Campbell wrote:
>
> I've got a newly installed Centos 5.0 box, planned to replace an ageing server
> (solaris box). I've set up the nfs shares, but the other solaris boxes
> won't mount them, unless I turn off iptables on the Centos box. If I do that,
> they mount, and all operations tested to date work fine.
>
> Iptables is allowing the 2049 tcp and udp ports already. What else needs to
> be opened up in iptables for nfs to work through the firewall?
>
> I looked at the RHEL system admin guide on NFS and found nothing useful.

I'm guessing portmap most likely... tcp and udp port 111

It's for the RPC calls.

-Ross

Around 09:22pm on Thursday, September 13, 2007 (UK time), Chuck Campbell scrawled:
> I've got a newly installed Centos 5.0 box, planned to replace an ageing server
> (solaris box). I've set up the nfs shares, but the other solaris boxes
> won't mount them, unless I turn off iptables on the Centos box. If I do that,
> they mount, and all operations tested to date work fine.
>
> Iptables is allowing the 2049 tcp and udp ports already. What else needs to
> be opened up in iptables for nfs to work through the firewall?
>
> I looked at the RHEL system admin guide on NFS and found nothing useful.

Look at my documentation at http://www.stevesearle.com/tech/faq.html#nfs0010
to see what you need to do.

Steve

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting a bad thing?

 22:33:14 up 39 days, 10:57,  1 user,  load average: 0.05, 0.05, 0.08
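
Added example, not part of the original thread and not any poster's code: a
check that lists RPC services registered on ports the firewall would still
block. The allowed set (111, 2049, 4000-4002) is taken from the replies above;
the function names and the sample `rpcinfo -p` output are constructed for
illustration.

```shell
#!/bin/sh
# Allowed ports assumed from the thread: 111 (portmap), 2049 (nfs),
# 4000-4002 (statd/lockd/mountd pinned via /etc/sysconfig/nfs).

# Constructed sample of `rpcinfo -p` output: statd is pinned to 4000, but
# nlockmgr and mountd are still on whatever ports they registered at start.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   4000  status
    100024    1   tcp   4000  status
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    4   udp  32771  nlockmgr
    100021    4   tcp  32803  nlockmgr
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
EOF
}

# Reads `rpcinfo -p` output on stdin and prints "service proto port" for
# every registration outside the allowed set, sorted and de-duplicated.
# Empty output means every registered service is on a port the rules cover.
blocked_rpc_services() {
    awk '$4 ~ /^[0-9]+$/ && NF >= 5 {
        port = $4 + 0
        if (port == 111 || port == 2049) next
        if (port >= 4000 && port <= 4002) next
        print $5, $3, port
    }' | LC_ALL=C sort -u
}

# Demo on the constructed sample. On the NFS server itself, run:
#   rpcinfo -p | blocked_rpc_services
sample_rpcinfo | blocked_rpc_services
```

Any line it prints names a service the clients cannot reach through the
firewall until that service is pinned to an allowed port and restarted.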