NFS through firewall

James Pifer jep at obrien-pifer.com
Fri Nov 18 15:14:54 UTC 2005 

On Fri, 2005-11-18 at 07:37 -0700, Craig White wrote:
> On Fri, 2005-11-18 at 09:21 -0500, James Pifer wrote:
> > On Fri, 2005-11-18 at 09:36 +0000, Nigel Wade wrote:
> > > James Pifer wrote:
> > > > Hi. I have a server in our DMZ and I'm exporting a specific directory
> > > > with NFS. I have an internal server that I want to mount it on. The
> > > > internal server is allowed through the firewall without restriction.
> > > > Firewall guy tells me it's wide open for this internal server, TCP and
> > > > UDP. 
> > > > 
> > > > When I try to mount the drive I get this error:
> > > > pmap_getmaps rpc problem: RPC: Unable to receive; errno = Connection
> > > > reset by peer
> > > > 
> > > > On the server running NFS I get this:
> > > > rpc.mountd: authenticated mount request from [internal_server]:680
> > > > for /usr/test (/usr/test)
> > > > 
> > > > If I do an nmap from the internal server to the external server running
> > > > I get:
> > > > 
> > > > (The 1648 ports scanned but not shown below are in state: closed)
> > > > PORT      STATE SERVICE
> > > > 22/tcp    open  ssh
> > > > 80/tcp    open  http
> > > > 111/tcp   open  rpcbind
> > > > 443/tcp   open  https
> > > > 933/tcp   open  unknown
> > > > 5001/tcp  open  commplex-link
> > > > 5801/tcp  open  vnc-http-1
> > > > 5901/tcp  open  vnc-1
> > > > 10000/tcp open  snet-sensor-mgmt
> > > > 
> > > > A UDP port scan seems to hang. 
> > > > 
> > > > If I do an rpcinfo on the external server running NFS I get:
> > > > # rpcinfo -p 127.0.0.1
> > > >    program vers proto   port
> > > >     100000    2   tcp    111  portmapper
> > > >     100000    2   udp    111  portmapper
> > > >     100024    1   udp  32768  status
> > > >     100024    1   tcp  32768  status
> > > >     391002    2   tcp  32769  sgi_fam
> > > >     100011    1   udp    930  rquotad
> > > >     100011    2   udp    930  rquotad
> > > >     100011    1   tcp    933  rquotad
> > > >     100011    2   tcp    933  rquotad
> > > >     100003    2   udp   2049  nfs
> > > >     100003    3   udp   2049  nfs
> > > >     100021    1   udp  32781  nlockmgr
> > > >     100021    3   udp  32781  nlockmgr
> > > >     100021    4   udp  32781  nlockmgr
> > > >     100005    1   udp  32782  mountd
> > > >     100005    1   tcp  59483  mountd
> > > >     100005    2   udp  32782  mountd
> > > >     100005    2   tcp  59483  mountd
> > > >     100005    3   udp  32782  mountd
> > > >     100005    3   tcp  59483  mountd
> > > > 
> > > > Any thoughts on what the problem is?
> > > > 
> > > > Thanks,
> > > > James
> > > > 
> > > 
> > > Check that all firewalls have been setup to allow UDP. It looks as though TCP is 
> > > being allowed, but UDP is being blocked.
> > > 
> > > What version of the kernel are you running on the server? It's only registering 
> > > NFS vers 2&3 over UDP, not TCP.
> > > 
> > 
> > Although it took a while, it does appears that udp is working:
> > (The 1473 ports scanned but not shown below are in state: closed)
> > PORT      STATE SERVICE
> > 123/udp   open  ntp
> > 676/udp   open  unknown
> > 743/udp   open  unknown
> > 2049/udp  open  nfs
> > 32768/udp open  omad
> > 
> ----
> don't you need port 111 open?
> 
> Craig


TCP 111 is open. See TCP scan above.

James

More information about the users mailing list