NFS through firewall
James Pifer
jep at obrien-pifer.com
Fri Nov 18 15:14:54 UTC 2005
On Fri, 2005-11-18 at 07:37 -0700, Craig White wrote:
> On Fri, 2005-11-18 at 09:21 -0500, James Pifer wrote:
> > On Fri, 2005-11-18 at 09:36 +0000, Nigel Wade wrote:
> > > James Pifer wrote:
> > > > Hi. I have a server in our DMZ and I'm exporting a specific directory
> > > > with NFS. I have an internal server that I want to mount it on. The
> > > > internal server is allowed through the firewall without restriction.
> > > > Firewall guy tells me it's wide open for this internal server, TCP and
> > > > UDP.
> > > >
> > > > When I try to mount the drive I get this error:
> > > > pmap_getmaps rpc problem: RPC: Unable to receive; errno = Connection
> > > > reset by peer
> > > >
> > > > On the server running NFS I get this:
> > > > rpc.mountd: authenticated mount request from [internal_server]:680
> > > > for /usr/test (/usr/test)
> > > >
> > > > If I do an nmap from the internal server to the external server running
> > > > I get:
> > > >
> > > > (The 1648 ports scanned but not shown below are in state: closed)
> > > > PORT STATE SERVICE
> > > > 22/tcp open ssh
> > > > 80/tcp open http
> > > > 111/tcp open rpcbind
> > > > 443/tcp open https
> > > > 933/tcp open unknown
> > > > 5001/tcp open commplex-link
> > > > 5801/tcp open vnc-http-1
> > > > 5901/tcp open vnc-1
> > > > 10000/tcp open snet-sensor-mgmt
> > > >
> > > > A UDP port scan seems to hang.
> > > >
> > > > If I do an rpcinfo on the external server running NFS I get:
> > > > # rpcinfo -p 127.0.0.1
> > > > program vers proto port
> > > > 100000 2 tcp 111 portmapper
> > > > 100000 2 udp 111 portmapper
> > > > 100024 1 udp 32768 status
> > > > 100024 1 tcp 32768 status
> > > > 391002 2 tcp 32769 sgi_fam
> > > > 100011 1 udp 930 rquotad
> > > > 100011 2 udp 930 rquotad
> > > > 100011 1 tcp 933 rquotad
> > > > 100011 2 tcp 933 rquotad
> > > > 100003 2 udp 2049 nfs
> > > > 100003 3 udp 2049 nfs
> > > > 100021 1 udp 32781 nlockmgr
> > > > 100021 3 udp 32781 nlockmgr
> > > > 100021 4 udp 32781 nlockmgr
> > > > 100005 1 udp 32782 mountd
> > > > 100005 1 tcp 59483 mountd
> > > > 100005 2 udp 32782 mountd
> > > > 100005 2 tcp 59483 mountd
> > > > 100005 3 udp 32782 mountd
> > > > 100005 3 tcp 59483 mountd
> > > >
> > > > Any thoughts on what the problem is?
> > > >
> > > > Thanks,
> > > > James
> > > >
> > >
> > > Check that all firewalls have been set up to allow UDP. It looks as though TCP is
> > > being allowed, but UDP is being blocked.
> > >
> > > What version of the kernel are you running on the server? It's only registering
> > > NFS vers 2&3 over UDP, not TCP.
> > >
> >
> > Although it took a while, it does appear that udp is working:
> > (The 1473 ports scanned but not shown below are in state: closed)
> > PORT STATE SERVICE
> > 123/udp open ntp
> > 676/udp open unknown
> > 743/udp open unknown
> > 2049/udp open nfs
> > 32768/udp open omad
> >
> ----
> don't you need port 111 open?
>
> Craig
TCP 111 is open. See TCP scan above.
James
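
Added example, not part of the original thread: a Python cross-check of the `rpcinfo -p` registrations against the ports the nmap scans reported open, to list which RPC endpoints a firewall rule still has to be verified for. The sample rows are constructed from the output quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: rows copied from the rpcinfo -p output quoted in the thread.
RPCINFO = """\
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32768 status
100011 1 udp 930 rquotad
100011 1 tcp 933 rquotad
100003 3 udp 2049 nfs
100021 4 udp 32781 nlockmgr
100005 3 udp 32782 mountd
100005 3 tcp 59483 mountd
"""
# Constructed sample: "open" rows from the TCP and UDP nmap scans quoted in the thread.
NMAP = """\
111/tcp open rpcbind
933/tcp open unknown
676/udp open unknown
743/udp open unknown
2049/udp open nfs
32768/udp open omad
"""

def rpc_endpoints(text):
    """Map (proto, port) -> service from rpcinfo -p output, one entry per endpoint."""
    eps = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0].isdigit() and f[3].isdigit():  # skips the header row
            eps[(f[2], int(f[3]))] = f[4]
    return eps

def open_ports(text):
    """Set of (proto, port) for every line nmap reports as open."""
    return {(m.group(2), int(m.group(1)))
            for m in re.finditer(r"^(\d+)/(tcp|udp)\s+open\b", text, re.M)}

def not_seen_open(rpcinfo_text, nmap_text):
    """Registered RPC endpoints that the scan output does not list as open."""
    seen = open_ports(nmap_text)
    return sorted((proto, port, svc)
                  for (proto, port), svc in rpc_endpoints(rpcinfo_text).items()
                  if (proto, port) not in seen)

if __name__ == "__main__":
    for proto, port, svc in not_seen_open(RPCINFO, NMAP):
        print(f"{svc:<11} {port}/{proto}  registered, not reported open by the scan")
```

A port missing from the scan output may simply not have been probed, since the scans quoted above covered only a subset of ports. Confirm with a targeted check of the listed ports before changing firewall rules.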