Re: NFS versus the firewall

The difficulty with nfs is that it uses a few auxiliary rpc services, which by default get started on a random port. These random ports must be open in the firewall, but because they are random, the iptables has no idea what they might be. The cure is to force these services to ALWAYS start on pre-assigned ports, and open these ports in the firewall. To this end, on the nfs server 1) Create a file /etc/sysconfig/nfs with the following contents: RQUOTAD_PORT=4000 LOCKD_TCPPORT=4001 LOCKD_UDPPORT=4001 MOUNTD_PORT=4002 STATD_PORT=4003 The nfs config file already exists, but it's full of comments. Erase everything and put these lines in, or just edit the appropriate lines in the existing file. You can choose any ports available, not necessarily 4000-4003. 2) Open range 4000-4003 tcp and udp in iptables. This you can do manually, but it can be done from system-config-firewall very easily and intuitively. 3) Open port 111 (portmapper) and 2049 (nfs) as well. Done. Now, from any client (which should be running the automounter (autofs) by default), you should be able to cd /net/nfsserver/exported/partition I have all this up and running, and it's pretty cool to watch video that resides on my main pc (nfs server) on my big hdtv, via nfs and a wireless laptop that sits on top of my tv. -- fedora-list mailing list fedora-list(a)redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list