Ubuntu: configure iptables to allow NFS traffic
If you are using just TCP with NFS4, ports 111 and 2049 will do. If you are planning to have NFS3 and below for compatibility reasons, you need to open ports for the following:
RQUOTA
LOCKD
MOUNTD
STATD
However, you will need to explicitly set static ports for those daemons, otherwise they will use random ports by default, which will cause issues for NFSv2/3 clients. Here is a link for specifying the ports on Ubuntu:
https://wiki.ubuntu.com/How%20to%20get%20NFS%20working%20with%20Ubuntu-CE-Firewall
(For some reason, it is harder to do on Ubuntu than on Red Hat, as most of the links I found are for Red Hat. If I find something better, I'll post an update)
EDIT: Here is a better one - this is from Debian, which Ubuntu is based on:
http://wiki.debian.org/SecuringNFS
Also, in that article, go to this link:
http://www.tldp.org/HOWTO/NFS-HOWTO/security.html
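A check for the setup the answer above describes, as an added example that is not part of the original answer: it prints iptables rules for a fixed port list and flags any RPC daemon in `rpcinfo -p` output that is still registered on a port outside that list. Ports 111 and 2049 come from the answer; the other four port numbers, the client network and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Ports 111 and 2049 are from the answer; the other four are
# assumed static ports for statd, mountd, lockd and rquotad. Use your own.
NFS_PORTS="111 2049 32765 32767 32768 32769"

# Print (do not run) iptables rules admitting one client network to each port.
nfs_rules() {   # $1 = client network in CIDR form
    for port in $NFS_PORTS; do
        for proto in tcp udp; do
            echo "iptables -A INPUT -s $1 -p $proto --dport $port -j ACCEPT"
        done
    done
}

# Read `rpcinfo -p` output on stdin and print service/proto:port for every
# registration outside NFS_PORTS: a daemon the rules above would block.
unpinned_services() {
    awk -v allowed="$NFS_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^[0-9]+$/ && !($4 in ok) { print $5 "/" $3 ":" $4 }
    '
}

# Constructed sample of `rpcinfo -p` output: statd ("status") was left unpinned.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100005    3   tcp  32767  mountd
    100005    3   udp  32767  mountd
    100021    4   tcp  32768  nlockmgr
    100021    4   udp  32768  nlockmgr
    100011    2   udp  32769  rquotad
    100024    1   udp  45123  status
    100024    1   tcp  38467  status'

nfs_rules 192.0.2.0/24      # documentation range used as a stand-in client network
printf '%s\n' "$SAMPLE_RPCINFO" | unpinned_services
```

On a live server, pipe the real `rpcinfo -p` output into `unpinned_services`; empty output means every registered daemon sits on a port the rules cover.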
jsharpe
Updated on September 18, 2022
Comments
-
jsharpe over 1 year
Possible Duplicate:
Running NFS with iptables, change firewall?
I need to allow a client to connect to an NFS server. If I disable iptables then NFS works great.
I understand that when NFS starts it'll fire up RPCNFSDCOUNT (/etc/default/nfs-kernel-server) processes that all are running on a different port.
How do I specify what ports those are so that they always fire up on the same port?
Presumably I need to open up 111 for UDP and TCP traffic. What about the NFS ports? 2049? UDP/TCP? The other ports?
Ubuntu-specific answers would be appreciated.
-
jsharpe over 12 years
I would use NFS4, but I'm on the latest Ubuntu server and $ nfsstat is showing v3.
-
Rilindo over 12 years
Then you definitely need to explicitly set ports for the above daemons.