NFS through firewall
Nigel Wade
nmw at ion.le.ac.uk
Fri Nov 18 09:36:17 UTC 2005
James Pifer wrote:
> Hi. I have a server in our DMZ and I'm exporting a specific directory
> with NFS. I have an internal server that I want to mount it on. The
> internal server is allowed through the firewall without restriction.
> Firewall guy tells me it's wide open for this internal server, TCP and
> UDP.
>
> When I try to mount the drive I get this error:
> pmap_getmaps rpc problem: RPC: Unable to receive; errno = Connection
> reset by peer
>
> On the server running NFS I get this:
> rpc.mountd: authenticated mount request from [internal_server]:680
> for /usr/test (/usr/test)
>
> If I do an nmap from the internal server to the external server running
> I get:
>
> (The 1648 ports scanned but not shown below are in state: closed)
> PORT STATE SERVICE
> 22/tcp open ssh
> 80/tcp open http
> 111/tcp open rpcbind
> 443/tcp open https
> 933/tcp open unknown
> 5001/tcp open commplex-link
> 5801/tcp open vnc-http-1
> 5901/tcp open vnc-1
> 10000/tcp open snet-sensor-mgmt
>
> A UDP port scan seems to hang.
>
> If I do an rpcinfo on the external server running NFS I get:
> # rpcinfo -p 127.0.0.1
> program vers proto port
> 100000 2 tcp 111 portmapper
> 100000 2 udp 111 portmapper
> 100024 1 udp 32768 status
> 100024 1 tcp 32768 status
> 391002 2 tcp 32769 sgi_fam
> 100011 1 udp 930 rquotad
> 100011 2 udp 930 rquotad
> 100011 1 tcp 933 rquotad
> 100011 2 tcp 933 rquotad
> 100003 2 udp 2049 nfs
> 100003 3 udp 2049 nfs
> 100021 1 udp 32781 nlockmgr
> 100021 3 udp 32781 nlockmgr
> 100021 4 udp 32781 nlockmgr
> 100005 1 udp 32782 mountd
> 100005 1 tcp 59483 mountd
> 100005 2 udp 32782 mountd
> 100005 2 tcp 59483 mountd
> 100005 3 udp 32782 mountd
> 100005 3 tcp 59483 mountd
>
> Any thoughts on what the problem is?
>
> Thanks,
> James
>
Check that all firewalls have been set up to allow UDP. It looks as though TCP is
being allowed, but UDP is being blocked.
What version of the kernel are you running on the server? It's only registering
NFS vers 2&3 over UDP, not TCP.
--
Nigel Wade, System Administrator, Space Plasma Physics Group,
University of Leicester, Leicester, LE1 7RH, UK
E-mail : nmw at ion.le.ac.uk
Phone : +44 (0)116 2523548, Fax : +44 (0)116 2523555