On 8/28/19 2:52 PM, John Harris wrote:
The following two commands, in order, add the rule to your running config, and to your permanent firewall config:
firewall-cmd --add-service=nfs firewall-cmd --add-service=nfs --permanent
That may not be sufficient depending on the zone an interface is assigned.
NFS-Server=f30k, NFS-Client=meimei The zone on NFS-Server is "home".
[root@f30-k ~]# firewall-cmd --info-zone=home home (active) target: default icmp-block-inversion: no interfaces: enp0s8 sources: services: dhcpv6-client mdns nfs nfs3 rpc-bind samba-client ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules:
[egreshko@meimei ~]$ showmount -e f30k rpc mount export: RPC: Timed out
But then....
[root@f30-k ~]# firewall-cmd --zone=home --add-port=111/udp success [root@f30-k ~]# firewall-cmd --zone=home --add-port=111/udp --permanent success [root@f30-k ~]# firewall-cmd --zone=home --add-port=20048/udp success [root@f30-k ~]# firewall-cmd --zone=home --add-port=20048/udp --permanent success
And the result is
[egreshko@meimei ~]$ showmount -e f30k Export list for f30k: /home 192.168.1.0/24,2001:B030:112F:0000::/56