Setting up NFS behind a firewall in CentOS

Set up NFS on your system, then run “rpcinfo -p” to check which ports are in use.

rpcinfo -p

You’ll see something like this:

program vers proto   port
100000    2   tcp    111  portmapper
100000    2   udp    111  portmapper
100011    1   udp    875  rquotad
100011    2   udp    875  rquotad
100011    1   tcp    875  rquotad
100011    2   tcp    875  rquotad
100003    2   udp   2049  nfs
100003    3   udp   2049  nfs
100003    4   udp   2049  nfs
100021    1   udp  32769  nlockmgr
100021    3   udp  32769  nlockmgr
100021    4   udp  32769  nlockmgr
100021    1   tcp  32803  nlockmgr
100021    3   tcp  32803  nlockmgr
100021    4   tcp  32803  nlockmgr
100003    2   tcp   2049  nfs
100003    3   tcp   2049  nfs
100003    4   tcp   2049  nfs
100005    1   udp    892  mountd
100005    1   tcp    892  mountd
100005    2   udp    892  mountd
100005    2   tcp    892  mountd
100005    3   udp    892  mountd
100005    3   tcp    892  mountd

The fourth column shows the port each service is using. Reboot your system (or restart portmap and nfs) and check the ports again: most of them will be different. This makes it impossible to configure a hardware firewall or even iptables, because the rules would have to change after every restart. To make the services use static ports, edit /etc/sysconfig/nfs

vi /etc/sysconfig/nfs

and uncomment the following lines:

RQUOTAD_PORT=875

LOCKD_TCPPORT=32803

LOCKD_UDPPORT=32769

MOUNTD_PORT=892

STATD_PORT=662

Restart portmap and nfs:

service portmap restart

service nfs restart

From now on the ports will stay the same. Add them to your firewall.
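An added example, not part of the original post: a shell check that compares "rpcinfo -p" output with the ports pinned above and prints iptables rules only when every registered port matches. The function names, the rule layout and the 192.0.2.0/24 client subnet are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Pinned ports: the
# /etc/sysconfig/nfs values above plus portmapper (111) and nfs (2049).
# rpc.statd registers with the portmapper under the name "status".
PINNED="portmapper/tcp=111 portmapper/udp=111 nfs/tcp=2049 nfs/udp=2049"
PINNED="$PINNED rquotad/tcp=875 rquotad/udp=875 mountd/tcp=892 mountd/udp=892"
PINNED="$PINNED status/tcp=662 status/udp=662 nlockmgr/tcp=32803 nlockmgr/udp=32769"

# check_ports: read `rpcinfo -p` output on stdin and print one line per
# service/protocol whose port is not the pinned one. Returns 1 on any finding.
check_ports() {
    awk -v pinned="$PINNED" '
        BEGIN {
            n = split(pinned, p, " ")
            for (i = 1; i <= n; i++) { split(p[i], kv, "="); want[kv[1]] = kv[2] }
        }
        $1 ~ /^[0-9]+$/ && NF >= 5 {
            key = $5 "/" $3
            if (seen[key]++) next                 # report each pair once
            if (!(key in want)) { print "UNPINNED " key " " $4; bad = 1 }
            else if (want[key] != $4) {
                print "DRIFT " key " " $4 " expected " want[key]; bad = 1
            }
        }
        END { exit bad + 0 }'
}

# fw_rules SUBNET: read `rpcinfo -p` output on stdin and print one iptables
# ACCEPT rule per distinct proto/port, limited to SUBNET (the NFS clients).
fw_rules() {
    awk -v src="$1" '
        $1 ~ /^[0-9]+$/ && NF >= 5 && !seen[$3 ":" $4]++ {
            printf "iptables -A INPUT -s %s -p %s --dport %s -j ACCEPT\n", src, $3, $4
        }'
}

# Constructed sample: lockd came up on a random TCP port after a restart.
SAMPLE='   program vers proto   port
    100000    2   tcp    111  portmapper
    100005    3   tcp    892  mountd
    100021    4   udp  32769  nlockmgr
    100021    4   tcp  45123  nlockmgr'

# Only emit rules when every registered port matches the pinned value.
# On a real server replace the printf with: rpcinfo -p
if printf '%s\n' "$SAMPLE" | check_ports; then
    printf '%s\n' "$SAMPLE" | fw_rules 192.0.2.0/24   # placeholder subnet
fi
```

Running the check again after each reboot or nfs restart shows whether the pinned ports actually took effect before the firewall rules are relied on.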
