NFS through firewall

Nigel Wade nmw at ion.le.ac.uk
Fri Nov 18 09:36:17 UTC 2005


James Pifer wrote:
> Hi. I have a server in our DMZ and I'm exporting a specific directory
> with NFS. I have an internal server that I want to mount it on. The
> internal server is allowed through the firewall without restriction.
> Firewall guy tells me it's wide open for this internal server, TCP and
> UDP. 
> 
> When I try to mount the drive I get this error:
> pmap_getmaps rpc problem: RPC: Unable to receive; errno = Connection
> reset by peer
> 
> On the server running NFS I get this:
> rpc.mountd: authenticated mount request from [internal_server]:680
> for /usr/test (/usr/test)
> 
> If I do an nmap from the internal server to the external server running
> I get:
> 
> (The 1648 ports scanned but not shown below are in state: closed)
> PORT      STATE SERVICE
> 22/tcp    open  ssh
> 80/tcp    open  http
> 111/tcp   open  rpcbind
> 443/tcp   open  https
> 933/tcp   open  unknown
> 5001/tcp  open  commplex-link
> 5801/tcp  open  vnc-http-1
> 5901/tcp  open  vnc-1
> 10000/tcp open  snet-sensor-mgmt
> 
> A UDP port scan seems to hang. 
> 
> If I do an rpcinfo on the external server running NFS I get:
> # rpcinfo -p 127.0.0.1
>    program vers proto   port
>     100000    2   tcp    111  portmapper
>     100000    2   udp    111  portmapper
>     100024    1   udp  32768  status
>     100024    1   tcp  32768  status
>     391002    2   tcp  32769  sgi_fam
>     100011    1   udp    930  rquotad
>     100011    2   udp    930  rquotad
>     100011    1   tcp    933  rquotad
>     100011    2   tcp    933  rquotad
>     100003    2   udp   2049  nfs
>     100003    3   udp   2049  nfs
>     100021    1   udp  32781  nlockmgr
>     100021    3   udp  32781  nlockmgr
>     100021    4   udp  32781  nlockmgr
>     100005    1   udp  32782  mountd
>     100005    1   tcp  59483  mountd
>     100005    2   udp  32782  mountd
>     100005    2   tcp  59483  mountd
>     100005    3   udp  32782  mountd
>     100005    3   tcp  59483  mountd
> 
> Any thoughts on what the problem is?
> 
> Thanks,
> James
> 

Check that all firewalls have been set up to allow UDP. It looks as though TCP is 
being allowed, but UDP is being blocked.

What version of the kernel are you running on the server? It's only registering 
NFS vers 2&3 over UDP, not TCP.

-- 
Nigel Wade, System Administrator, Space Plasma Physics Group,
             University of Leicester, Leicester, LE1 7RH, UK
E-mail :    nmw at ion.le.ac.uk
Phone :     +44 (0)116 2523548, Fax : +44 (0)116 2523555
