NFS Mounting over WAN which ports

ubuntu nfs port-forwarding

5,390

Solution 1

Aside from hunting down every single ports opened/required by NFS, consider setting up a VPN tunnel between your firewall since you are in control of both ends. Then mount your nfs through the tunnel, that will save you a lot of trouble and firewall(and NAT) configuration.

NFS server behind firwall require special setup on the server itself, however I doubt you can do it with a NAS device. Following is a guild from RedHat https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Storage_Administration_Guide/s2-nfs-nfs-firewall-config.html

I think vpn tunnel is really your best choice if not the only choice.

Solution 2

On NFS client OS you can run:

showmount -e your_nfs_server_ip

At the same time open another terminal to same machine and run:

netstat -nputw

Then you will see outgoing ports.

In my case helped adding port 55493 to router NAT

Solution 3

Assuming you are in control of the firewalls both on your local site and the remote site (pertaining to your own network that is) did you try temporarily dropping the firewalls on both sides ? This might very well be a port blocking issue, originating from your link provider.

5,390

xercool

Updated on September 18, 2022

Comments

xercool over 1 year

I have a NAS box setup at a different location than our company. The idea was to use it as offsite backup. When the NAS box was on our LAN we had no issues mounting the NFS shares. Once we moved it to the offsite location we are unable to talk to it.

So far I have forwarded ports (tcp and upd): 2049, 111, 1110, 4045

Every command such as rpcbind, showmount and mount itself all report connection timed out.

It has become increasingly hard to determine where I am being firewalled. Can anyone point out some tips. What ports do I need to open at the offsite location and which ports need to be forwarded at our main location?
- user98085 over 11 years
  
  Mind tracerouteing to it, and pasting the report here - ( or rather, using that to determine where you're being firewalled ;) )?
- dchirikov over 11 years
  
  Do you use static ports for NFS?
- xercool over 11 years
  
  I've updated with traceroute. The NAS is somewhat primitive so I can't configure much on it. A nmap of the NAS shows which ports are open (2049 being one of them). Do I setup static ports for the NFS on the side trying to mount it? I found this article which might help shed some light (novell.com/support/kb/doc.php?id=7000524).
- xercool over 11 years
  
  I added mount -v output for a failed attempt to mount the NFS.
- Philipp Wendler over 11 years
  
  Do you really want to transfer your important backup via an unencrypted connection through the internet?
xercool over 11 years

I am in control of both sides. The only firewall the NAS is behind at the offsite location is the router it is plugged into. So a pseudo firewall. I could try DMZ`n the NAS box to see if that helps? Onsite location we have full control over as well. The linux box trying to mount the NFS I've disabled ufw firewall but it is also behind a router... I'm quite positive this is a port blocking issue. I'm just stumped on which ports need to be open on both sides.
xercool over 11 years

The reason I marked this as the answer is two fold. First VPN is really the best way to set this up. I flashed DD-WRT onto the router at the offsite location and then setup OpenVPN. Second, the method I was trying to setup is totally unencrypted (as pointed out by Philipp Wendler in OP). So anyone ending up here attempting the same, just setup a VPN and be done with it.
Lauris Kuznecovs over 7 years

Another idea is to set DMZ to NFS IP