Firewall problems with NFS

John Summerfield debian at herakles.homelinux.org
Wed Nov 14 23:28:59 UTC 2007


Bill Davidsen wrote:
> I have a firewall problem with running an NFS server on FC6 or FC8, due 
> to the GUI configuration interface not opening the firewall when I check 
> the NFS protocol support. It seems to only allow use as an NFS client, 
> since that worked fine when I tested it.
> 
> I can put the needed rules in the "RH-Firewall-1-INPUT" chain, but 
> mixing GUI administration and manual administration is undesirable to 
> prevent unexpected behavior, conflicts, etc, in the future. Is there 
> really no way to open the ports for NFS server other than by hand?
> 

I've just been down this path. I found a HOWTO by several authors, 
including Mr Yum. Are you listening?

It was very old, but gave the basic information. Some of the details are 
wrong for current Linux distributions.

I use shorewall firewall (on CentOS4 at home, Debian at work).

A part of the problem is that ports float, so first you need to tie 
those down.

I discovered what to tie them to by finding what they were using at the 
time. I used lsof, but netstat can do it too.

I examined the nfs startup script to discover how to lock them down, and 
came to this. These are the values I have:
[root@js ~]# cat /etc/sysconfig/nfs
LOCKD_TCPPORT=32768
LOCKD_UDPPORT=32788
RQUOTAD_PORT=621
MOUNTD_PORT=640

[root@js ~]#

Then, I opened those ports as usual.

My NFS is working, but the real test comes next time I boot the 
server/firewall.




-- 

Cheers
John

-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

Please do not reply off-list
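
An added example, not part of the original post: a check to run after a reboot that the ports pinned in /etc/sysconfig/nfs are the ones the RPC services actually registered, so the firewall rules still match. The rpcinfo listing below is constructed sample data, and the function name check_pinned is hypothetical.

```shell
#!/bin/sh
# Added example: compare the ports pinned in /etc/sysconfig/nfs with "rpcinfo -p".
# Constructed sample inputs so the script runs offline.
SAMPLE_CONF='LOCKD_TCPPORT=32768
LOCKD_UDPPORT=32788
RQUOTAD_PORT=621
MOUNTD_PORT=640'
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100011    1   udp    621  rquotad
    100011    1   tcp    621  rquotad
    100003    3   tcp   2049  nfs
    100021    1   udp  32788  nlockmgr
    100021    1   tcp  32768  nlockmgr
    100005    1   udp    640  mountd
    100005    1   tcp    640  mountd'

# check_pinned CONF_TEXT RPCINFO_TEXT
# Prints OK / DRIFT / MISSING per service and protocol; returns 1 on any mismatch.
check_pinned() {
    _rc=0
    _res=$(printf '%s\n---\n%s\n' "$1" "$2" | awk '
        /^---$/ { in_rpc = 1; next }
        !in_rpc {
            gsub(/"/, "")                        # tolerate quoted values
            if ($0 !~ /^[A-Z_]+=[0-9]+$/) next   # skip comments and other settings
            split($0, kv, "=")
            if (kv[1] == "LOCKD_TCPPORT") want["nlockmgr tcp"] = kv[2]
            if (kv[1] == "LOCKD_UDPPORT") want["nlockmgr udp"] = kv[2]
            if (kv[1] == "RQUOTAD_PORT") want["rquotad tcp"] = want["rquotad udp"] = kv[2]
            if (kv[1] == "MOUNTD_PORT") want["mountd tcp"] = want["mountd udp"] = kv[2]
            next
        }
        $4 ~ /^[0-9]+$/ && NF >= 5 { seen[$5 " " $3] = $4 }   # service + proto -> port
        END {
            for (k in want) {
                if (!(k in seen)) { print "MISSING " k " expected " want[k]; bad = 1 }
                else if (seen[k] != want[k]) { print "DRIFT " k " expected " want[k] " got " seen[k]; bad = 1 }
                else print "OK " k " " want[k]
            }
            exit bad + 0
        }') || _rc=$?
    printf '%s\n' "$_res" | sort
    return "$_rc"
}
# Live use on the server (not run here): check_pinned "$(cat /etc/sysconfig/nfs)" "$(rpcinfo -p)"
check_pinned "$SAMPLE_CONF" "$SAMPLE_RPCINFO"
```

A DRIFT or MISSING line means a service came up on a port other than the one the firewall rule was written for, which is the case that would otherwise only show up as a hung mount or lock request.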



