Hi all,

Which ports do I need to have open on an NFS client's firewall to allow it to connect to a remote NFS server?

When I disable iptables (using ConfigServerFirewall), it connects fine, but as soon as I enable it, NFS gives me this error:

root@saturn:[~]$ mount master1.mydomain.co.za:/saturn /bck
mount: mount to NFS server 'master1.mydomain.co.za' failed: RPC Error: Unable to send.

I have added ports 111 & 2049 in both the TCP & UDP ingress & egress ranges, but that doesn't seem to help. portmap & nfs are running as well. But as I say, as soon as I disable the firewall, it mounts fine.

Google search results reveal a lot of different ports, like 4000:4004, 83xxxx (something, I forgot) but it still doesn't help.

root@saturn:[~]$ rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100021    1   udp  48996  nlockmgr
    100021    3   udp  48996  nlockmgr
    100021    4   udp  48996  nlockmgr
    100021    1   tcp  47195  nlockmgr
    100021    3   tcp  47195  nlockmgr
    100021    4   tcp  47195  nlockmgr
    100011    1   udp   4004  rquotad
    100011    2   udp   4004  rquotad
    100011    1   tcp   4004  rquotad
    100011    2   tcp   4004  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    1   udp   4003  mountd
    100005    1   tcp   4003  mountd
    100005    2   udp   4003  mountd
    100005    2   tcp   4003  mountd
    100005    3   udp   4003  mountd
    100005    3   tcp   4003  mountd

--
Kind Regards
Rudi Ahlers
SoftDux

Website: http://www.SoftDux.com
Technical Blog: http://Blog.SoftDux.com
Office: 087 805 9573
Cell: 082 554 7532

Hi

You need 2 ports open
2049/udp
2049/tcp

but you should read this little howto
http://www.cyberciti.biz/faq/centos-fedora-rhel-iptables-open-nfs-server-ports/

Per

On Thu, 2010-02-18 at 13:00 +0200, Rudi Ahlers wrote:
> Hi all,
>
> Which ports do I need to have open on an NFS client's firewall to
> allow it to connect to a remote NFS server?
>
> When I disable iptables (using ConfigServerFirewall), it connects
> fine, but as soon as I enable it, NFS gives me this error:
> root@saturn:[~]$ mount master1.mydomain.co.za:/saturn /bck
> mount: mount to NFS server 'master1.mydomain.co.za' failed: RPC Error:
> Unable to send.
>
> I have added ports 111 & 2049 in both the TCP & UDP ingress & egress
> ranges, but that doesn't seem to help. portmap & nfs are running as
> well. But as I say, as soon as I disable the firewall, it mounts
> fine.
>
> Google search results reveal a lot of different ports, like 4000:4004,
> 83xxxx (something, I forgot) but it still doesn't help.
>
> root@saturn:[~]$ rpcinfo -p
>    program vers proto   port
>     100000    2   tcp    111  portmapper
>     100000    2   udp    111  portmapper
>     100021    1   udp  48996  nlockmgr
>     100021    3   udp  48996  nlockmgr
>     100021    4   udp  48996  nlockmgr
>     100021    1   tcp  47195  nlockmgr
>     100021    3   tcp  47195  nlockmgr
>     100021    4   tcp  47195  nlockmgr
>     100011    1   udp   4004  rquotad
>     100011    2   udp   4004  rquotad
>     100011    1   tcp   4004  rquotad
>     100011    2   tcp   4004  rquotad
>     100003    2   udp   2049  nfs
>     100003    3   udp   2049  nfs
>     100003    4   udp   2049  nfs
>     100003    2   tcp   2049  nfs
>     100003    3   tcp   2049  nfs
>     100003    4   tcp   2049  nfs
>     100005    1   udp   4003  mountd
>     100005    1   tcp   4003  mountd
>     100005    2   udp   4003  mountd
>     100005    2   tcp   4003  mountd
>     100005    3   udp   4003  mountd
>     100005    3   tcp   4003  mountd

On Thursday 18 February 2010 11:00:53 Rudi Ahlers wrote:
> Hi all,
>
> Which ports do I need to have open on an NFS client's firewall to allow it
> to connect to a remote NFS server?
>
> When I disable iptables (using ConfigServerFirewall), it connects fine, but
> as soon as I enable it, NFS gives me this error:
> root@saturn:[~]$ mount master1.mydomain.co.za:/saturn /bck
> mount: mount to NFS server 'master1.mydomain.co.za' failed: RPC Error:
> Unable to send.
>
> I have added ports 111 & 2049 in both the TCP & UDP ingress & egress
> ranges, but that doesn't seem to help. portmap & nfs are running as well.
> But as I say, as soon as I disable the firewall, it mounts fine.
>
> Google search results reveal a lot of different ports, like 4000:4004,
> 83xxxx (something, I forgot) but it still doesn't help.
>
> root@saturn:[~]$ rpcinfo -p
>    program vers proto   port
>     100000    2   tcp    111  portmapper
>     100000    2   udp    111  portmapper
>     100021    1   udp  48996  nlockmgr
>     100021    3   udp  48996  nlockmgr
>     100021    4   udp  48996  nlockmgr
>     100021    1   tcp  47195  nlockmgr
>     100021    3   tcp  47195  nlockmgr
>     100021    4   tcp  47195  nlockmgr
>     100011    1   udp   4004  rquotad
>     100011    2   udp   4004  rquotad
>     100011    1   tcp   4004  rquotad
>     100011    2   tcp   4004  rquotad
>     100003    2   udp   2049  nfs
>     100003    3   udp   2049  nfs
>     100003    4   udp   2049  nfs
>     100003    2   tcp   2049  nfs
>     100003    3   tcp   2049  nfs
>     100003    4   tcp   2049  nfs
>     100005    1   udp   4003  mountd
>     100005    1   tcp   4003  mountd
>     100005    2   udp   4003  mountd
>     100005    2   tcp   4003  mountd
>     100005    3   udp   4003  mountd
>     100005    3   tcp   4003  mountd

Hi,

NFS by default uses random high numbered ports. See "48996 nlockmgr" above. You need to tie them down to allow them through your firewall.

Create the following file /etc/sysconfig/nfs

#/etc/sysconfig/nfs
# Created 05.07.05 by Tony Molloy

# Number of NFS threads to run
RPCNFSDCOUNT=48

# ports for statd daemon
STATD_PORT=4000
STATD_OUTGOING_PORT=4004

# ports for lockd daemon
LOCKD_TCPPORT=4001
LOCKD_UDPPORT=4001

# ports for mountd daemon
#MOUNTD_NFS_V2=no
#MOUNTD_NFS_V3=no
MOUNTD_PORT=4002

# ports for rquota daemon
#RQUOTAD=no
RQUOTAD_PORT=4003

Then open ports 4000:4004 in your firewall as well as port 111 the portmapper and port 2049 for NFS

Hope this helps,

Tony

--
Chief Technical Officer.
Tel: +353 061-202778
Dept. of Comp. Sci.
University of Limerick.

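Added example (not part of the original thread): a shell check that reads `rpcinfo -p` output and lists every RPC service registered on a port the firewall allow-list does not cover, which is how the randomly assigned nlockmgr ports in the first post show up. The function names `unpinned_rpc_ports` and `sample_rpcinfo` are hypothetical, and the sample input is abridged from the listing in the first post.

```shell
#!/bin/sh
# Added example, not from the thread: list RPC services whose registered port
# falls outside a firewall allow-list, reading `rpcinfo -p` output on stdin.

unpinned_rpc_ports() {
    # $1: space-separated allowed ports or lo:hi ranges, e.g. "111 2049 4000:4004"
    awk -v allowed="$1" '
    BEGIN {
        n = split(allowed, spec, " ")
        for (i = 1; i <= n; i++) {
            if (split(spec[i], r, ":") == 2) { lo[i] = r[1] + 0; hi[i] = r[2] + 0 }
            else { lo[i] = spec[i] + 0; hi[i] = lo[i] }
        }
    }
    # Data rows: program vers proto port service (the header row is skipped)
    $1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {
        port = $4 + 0; ok = 0
        for (i = 1; i <= n; i++) if (port >= lo[i] && port <= hi[i]) ok = 1
        key = $5 " " port "/" $3
        # Report each service/port/proto once, whatever the RPC version count
        if (!ok && !(key in seen)) { seen[key] = 1; print key }
    }'
}

# Sample input: abridged from the rpcinfo -p listing in the first post.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100021    1   udp  48996  nlockmgr
    100021    3   udp  48996  nlockmgr
    100021    1   tcp  47195  nlockmgr
    100011    1   udp   4004  rquotad
    100011    1   tcp   4004  rquotad
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp   4003  mountd
    100005    1   tcp   4003  mountd
EOF
}

# With 111, 2049 and 4000:4004 allowed, only the unpinned lockd ports remain.
sample_rpcinfo | unpinned_rpc_ports "111 2049 4000:4004"
```

Against a live server, pipe `rpcinfo -p master1.mydomain.co.za` into the function instead of the sample; an empty result means every registered service sits on a port the rule set covers.
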
On Thu, Feb 18, 2010 at 3:00 AM, Rudi Ahlers <Rudi at softdux.com> wrote:
> Hi all,
> Which ports do I need to have open on an NFS client's firewall to allow it
> to connect to a remote NFS server?
> When I disable iptables (using ConfigServerFirewall), it connects fine, but
> as soon as I enable it, NFS gives me this error:
> root@saturn:[~]$ mount master1.mydomain.co.za:/saturn /bck
> mount: mount to NFS server 'master1.mydomain.co.za' failed: RPC Error:
> Unable to send.
> I have added ports 111 & 2049 in both the TCP & UDP ingress & egress ranges,
> but that doesn't seem to help. portmap & nfs are running as well. But as I
> say, as soon as I disable the firewall, it mounts fine.
> Google search results reveal a lot of different ports, like 4000:4004,
> 83xxxx (something, I forgot) but it still doesn't help.
>
> root@saturn:[~]$ rpcinfo -p
>    program vers proto   port
>     100000    2   tcp    111  portmapper
>     100000    2   udp    111  portmapper
>     100021    1   udp  48996  nlockmgr
>     100021    3   udp  48996  nlockmgr
>     100021    4   udp  48996  nlockmgr
>     100021    1   tcp  47195  nlockmgr
>     100021    3   tcp  47195  nlockmgr
>     100021    4   tcp  47195  nlockmgr
>     100011    1   udp   4004  rquotad
>     100011    2   udp   4004  rquotad
>     100011    1   tcp   4004  rquotad
>     100011    2   tcp   4004  rquotad
>     100003    2   udp   2049  nfs
>     100003    3   udp   2049  nfs
>     100003    4   udp   2049  nfs
>     100003    2   tcp   2049  nfs
>     100003    3   tcp   2049  nfs
>     100003    4   tcp   2049  nfs
>     100005    1   udp   4003  mountd
>     100005    1   tcp   4003  mountd
>     100005    2   udp   4003  mountd
>     100005    2   tcp   4003  mountd
>     100005    3   udp   4003  mountd
>     100005    3   tcp   4003  mountd

I would strongly recommend using NFS4 if at all possible.

See Chapter 18 for NFS in general and 18.8 for security issues
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-nfs-security.html

--
Enjoy global warming while it lasts.