Firewall problems with NFS
John Summerfield
debian at herakles.homelinux.org
Wed Nov 14 23:28:59 UTC 2007
Bill Davidsen wrote:
> I have a firewall problem with running an NFS server on FC6 or FC8, due
> to the GUI configuration interface not opening the firewall when I check
> the NFS protocol support. It seems to only allow use as an NFS client,
> since that worked fine when I tested it.
>
> I can put the needed rules in the "RH-Firewall-1-INPUT" chain, but
> mixing GUI administration and manual administration is undesirable to
> prevent unexpected behavior, conflicts, etc, in the future. Is there
> really no way to open the ports for NFS server other than by hand?
>
I've just been down this path. I found a HOWTO by several authors,
including Mr Yum. Are you listening?
It was very old, but gave the basic information. Some of the details are
wrong for current Linux distributions.
I use shorewall firewall (on CentOS4 at home, Debian at work).
A part of the problem is that ports float, so first you need to tie
those down.
I discovered what to tie them to by finding what they were using at the
time. I used lsof, but netstat can do it too.
I examined the nfs startup script to discover how to lock them down, and
came to this. These are the values I have:
[root@js ~]# cat /etc/sysconfig/nfs
LOCKD_TCPPORT=32768
LOCKD_UDPPORT=32788
RQUOTAD_PORT=621
MOUNTD_PORT=640
[root@js ~]#
Then, I opened those ports as usual.
My NFS is working, but the real test comes next time I boot the
server/firewall.
--
Cheers
John
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
Please do not reply off-list
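
The post leaves open whether the pinned ports survive a reboot. The following is an added example, not part of the original message: it compares the ports set in /etc/sysconfig/nfs with what the portmapper reports via `rpcinfo -p`, so a service that has gone back to a floating port is caught before the firewall silently drops it. The function names and the sample rpcinfo output are constructed for illustration; the port values are the ones from the post.

```shell
#!/bin/sh
# Constructed copy of /etc/sysconfig/nfs, using the values from the post.
sample_config() {
cat <<'EOF'
LOCKD_TCPPORT=32768
LOCKD_UDPPORT=32788
RQUOTAD_PORT=621
MOUNTD_PORT=640
EOF
}

# Constructed `rpcinfo -p` output in which every service kept its pinned port.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100011    1   udp    621  rquotad
    100003    3   tcp   2049  nfs
    100021    1   udp  32788  nlockmgr
    100021    1   tcp  32768  nlockmgr
    100005    1   udp    640  mountd
    100005    1   tcp    640  mountd
EOF
}

# check_pinned CONFIG_FILE RPCINFO_FILE
# Prints one DRIFT line per service on an unpinned port; returns 1 on drift.
check_pinned() {
    awk '
        NR == FNR {                      # first file: KEY=VALUE settings
            split($1, kv, "=")
            if (kv[1] == "LOCKD_TCPPORT") want["nlockmgr/tcp"] = kv[2]
            if (kv[1] == "LOCKD_UDPPORT") want["nlockmgr/udp"] = kv[2]
            if (kv[1] == "RQUOTAD_PORT") { want["rquotad/tcp"] = kv[2]; want["rquotad/udp"] = kv[2] }
            if (kv[1] == "MOUNTD_PORT")  { want["mountd/tcp"] = kv[2]; want["mountd/udp"] = kv[2] }
            next
        }
        {                                # second file: program vers proto port service
            key = $5 "/" $3
            if ((key in want) && $4 + 0 != want[key] + 0 && !seen[key]++) {
                printf "DRIFT %s: pinned %s, registered on %s\n", key, want[key], $4
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# Demo on the constructed samples.
d=$(mktemp -d); sample_config > "$d/nfs"; sample_rpcinfo > "$d/rpc"
check_pinned "$d/nfs" "$d/rpc" && echo "all pinned ports match"; rm -rf "$d"
```

On a live server, save the output of `rpcinfo -p` to a file after boot and pass it as the second argument, with /etc/sysconfig/nfs as the first. Ports 111 (portmapper) and 2049 (nfs) are fixed and need their own firewall rules alongside the pinned ones.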