Full Version: Configuring Firewall For Nfs
cmcp
I'm trying to configure an NFS client, and after going through all of the steps that I thought were necessary, it seems that the firewall on the client is too strict to allow NFS. I am not sure how to configure the firewall for NFS nor what files need to be modified to do so, so any input is greatly appreciated.

The error I get when I try to mount the shared directory is:
mount: RPC: Port mapper failure - RPC: Unable to receive

I am running RedHat 7.3 and I am fairly certain that all daemons and services necessary for NFS are running. Here is the output of rpcinfo -p on the NFS server:
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 1024 status
100024 1 tcp 1024 status
391002 2 tcp 1026 sgi_fam
100011 1 udp 939 rquotad
100011 2 udp 939 rquotad
100011 1 tcp 942 rquotad
100011 2 tcp 942 rquotad
100005 1 udp 1028 mountd
100005 1 tcp 1027 mountd
100005 2 udp 1028 mountd
100005 2 tcp 1027 mountd
100005 3 udp 1028 mountd
100005 3 tcp 1027 mountd
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 1029 nlockmgr
100021 3 udp 1029 nlockmgr
100021 4 udp 1029 nlockmgr

and here is the rpcinfo -p output for the client:
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100011 1 udp 620 rquotad
100011 2 udp 620 rquotad
100011 1 tcp 623 rquotad
100011 2 tcp 623 rquotad
100005 1 udp 32768 mountd
100005 1 tcp 32768 mountd
100005 2 udp 32768 mountd
100005 2 tcp 32768 mountd
100005 3 udp 32768 mountd
100005 3 tcp 32768 mountd
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 32770 nlockmgr
100021 3 udp 32770 nlockmgr
100021 4 udp 32770 nlockmgr

The /etc/exports file is set up to allow NFS access from the entire private network:
/home/mpich-1.2.4 192.168.181.0/255.255.255.0(rw) 192.168.181.8/255.255.255.0(r$5.0(rw,no_root_squash)

The bottom line and top line are on one line in the file. I don't know what the r$5.0 syntax means in the second line, but it doesn't strike me as the cause of the mounting problem.

If any additional information is needed, please just ask. Thank you very much in advance for your input.
Joey
What firewall are you using? IPTables? If so, there is a sample script on our Guides Page at http://www.linuxhelp.ca/guides/ that you can download and edit and then run. By editing the script you can open the required ports etc.
cmcp
I have both IPChains and IPTables running. I didn't know that there are different types of firewalls, so thanks for that info. Is it still advisable to run the script you mentioned? Thanks!
Joey
You probably don't need IPChains running if you are using IPTables. I would disable IPChains and then grab the IPTables script from the site and configure it/run it.
cmcp
Thanks again for your help.

I have a couple more questions. The main one is how do I edit the IPTables script to enable NFS for a client? I am not sure if NFS is handled through a specific port that is covered by the script that I should open or what.

Second, there are a few parts of the script where machines on a 'home network' can be specified. All of the machines that I will run the IPTables script on are on a private network and should all be able to access each other via SSH only. In order to allow this, do I need to specify all 240 computers in the rule to allow connections from local machines, or will it suffice to just use the rule to allow SSH access? If I were to specify those computers in the rule to allow connections from local machines would that enable rlogin, rsh, etc. for them (which I don't want), or does it just not deny whatever connections the computers might attempt immediately? Also, if I need to specify all 240 computers in the SSH or local connections rules, is there a way to specify all 240 computers without typing a line for each IP address (i.e. a range from 192.168.181.1 to 192.168.181.240)? Or, alternatively, to allow SSH connections from the entire private network 192.168.181.***, which would probably be better anyway?

And finally, to make the script, should I copy the text from the IPTables script into a file called iptables-firewall.sh for example, or do you suggest another way?

Thank you again for all your help, and I'm sorry for the many questions -- but I am learning!
cmcp
I've looked around on the internet for stuff about NFS and any ports involved or any information that could tell me how the IPTables firewall script needs to be configured to allow NFS and haven't found anything useful. I tried just taking the script as-is and making a few modifications that were necessary to make it work for the machine I ran it on and NFS still could not mount.

If anyone has any suggestions, please mention them. Also, if anyone is able to describe how they have set up NFS, I would appreciate that very much. Thanks.
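
Added example, not part of the original thread and not the linuxhelp.ca guide script: a shell function that reads rpcinfo -p output and prints one iptables ACCEPT rule per NFS-related protocol/port, limited to the private network. The function name nfs_rules and the sample variable are hypothetical; 192.168.181.0/24 is the same network as the 192.168.181.0/255.255.255.0 entry in the exports line above, written in prefix form so one rule covers every host on it.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` output into iptables ACCEPT rules that
# admit only the trusted network. It prints the rules; it does not apply them.

# Constructed sample: a subset of the server's rpcinfo -p listing from the thread.
SAMPLE_RPCINFO='program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 1024 status
100024 1 tcp 1024 status
391002 2 tcp 1026 sgi_fam
100005 1 udp 1028 mountd
100005 1 tcp 1027 mountd
100005 3 udp 1028 mountd
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100021 1 udp 1029 nlockmgr'

# nfs_rules NETWORK   (hypothetical helper; reads rpcinfo -p output on stdin)
nfs_rules() {
    net=$1
    awk -v net="$net" '
        # RPC services involved in an NFS mount; anything else (e.g. sgi_fam) stays closed.
        BEGIN { split("portmapper mountd nfs nlockmgr status rquotad", w, " ")
                for (i in w) want[w[i]] = 1 }
        NF < 5                      { next }   # header or malformed line
        !($5 in want)               { next }   # not an NFS-related service
        $3 != "tcp" && $3 != "udp"  { next }   # unexpected protocol field
        $4 !~ /^[0-9]+$/            { next }   # port must be numeric
        seen[$3 "/" $4]++           { next }   # one rule per proto/port pair
        { printf "iptables -A INPUT -s %s -p %s --dport %s -j ACCEPT  # %s\n",
                 net, $3, $4, $5 }
    '
}

# Print the rules for the sample listing and the thread's private network.
printf '%s\n' "$SAMPLE_RPCINFO" | nfs_rules 192.168.181.0/24
```

The ports for mountd, status and nlockmgr are assigned through the portmapper and can change when those services restart, so the generated rules describe one snapshot and need regenerating afterwards. These are inbound rules for the machine that exports the directory; a client with a restrictive INPUT policy also has to accept the replies to its own requests, for example with an iptables state match on ESTABLISHED,RELATED.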