Firewall problems with NFS

Bill Davidsen davidsen at
Thu Nov 15 14:57:31 UTC 2007

Dr. Michael J. Chudobiak wrote:
> Bill Davidsen wrote:
>> I have a firewall problem with running an NFS server on FC6 or FC8, 
>> due to the GUI configuration interface not opening the firewall when I 
>> check the NFS protocol support. It seems to only allow use as an NFS 
>> client, since that worked fine when I tested it.
>> I can put the needed rules in the "RH-Firewall-1-INPUT" chain, but 
>> mixing GUI administration and manual administration is undesirable to 
>> prevent unexpected behavior, conflicts, etc, in the future. Is there 
>> really no way to open the ports for NFS server other than by hand?
> Opening NFS servers is tricky - the default GUI is too simple to do it 
> well.
> You'll probably need to:
> 1) Learn about port "pinning" for NFS (so it always uses the same ports).

Since the GUI doesn't know about this, it doesn't solve the problem of 
avoiding mixing GUI and manual firewall configuration, if I have to do 
any of it by hand I'll do it all by hand, I'm dubious about using the 
same rules for forwarding as INPUT anyway.
> 2) Use a fancier GUI, like firestarter (, to 
> control your firewall.

As above. My preference is to do it all by hand, but it's disappointing 
that the default Fedora tool doesn't work properly.
> NFS is insecure anyways, so you'll want to have another firewall outside 
>  the client network also. Do not expose the NFS server to public access.

Exports are to a very limited set of machines, and the rules I added by 
hand don't allow others.

Bill Davidsen <davidsen at>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

More information about the fedora-list mailing list