NFS through firewall

Bohmer, Andre ten Andre.tenBohmer at wur.nl
Fri Nov 18 15:56:13 UTC 2005


Hi!

> Hi. I have a server in our DMZ and I'm exporting a specific 
> directory with NFS. I have an internal server that I want to 
> mount it on. The internal server is allowed through the 
> firewall without restriction.
> Firewall guy tells me it's wide open for this internal 
> server, TCP and UDP. 
> 
> When I try to mount the drive I get this error:
> pmap_getmaps rpc problem: RPC: Unable to receive; errno = 
> Connection reset by peer
> 
> On the server running NFS I get this:
> rpc.mountd: authenticated mount request from 
> [internal_server]:680 for /usr/test (/usr/test)
> 
> If I do an nmap from the internal server to the external 
> server running I get:
> 
> (The 1648 ports scanned but not shown below are in state: closed)
> PORT      STATE SERVICE
> 22/tcp    open  ssh
> 80/tcp    open  http
> 111/tcp   open  rpcbind
> 443/tcp   open  https
> 933/tcp   open  unknown
> 5001/tcp  open  commplex-link
> 5801/tcp  open  vnc-http-1
> 5901/tcp  open  vnc-1
> 10000/tcp open  snet-sensor-mgmt
> 
> A UDP port scan seems to hang. 
> 
> If I do an rpcinfo on the external server running NFS I get:
> # rpcinfo -p 127.0.0.1
>    program vers proto   port
>     100000    2   tcp    111  portmapper
>     100000    2   udp    111  portmapper
>     100024    1   udp  32768  status
>     100024    1   tcp  32768  status
>     391002    2   tcp  32769  sgi_fam
>     100011    1   udp    930  rquotad
>     100011    2   udp    930  rquotad
>     100011    1   tcp    933  rquotad
>     100011    2   tcp    933  rquotad
>     100003    2   udp   2049  nfs
>     100003    3   udp   2049  nfs
>     100021    1   udp  32781  nlockmgr
>     100021    3   udp  32781  nlockmgr
>     100021    4   udp  32781  nlockmgr
>     100005    1   udp  32782  mountd
>     100005    1   tcp  59483  mountd
>     100005    2   udp  32782  mountd
>     100005    2   tcp  59483  mountd
>     100005    3   udp  32782  mountd
>     100005    3   tcp  59483  mountd
> 
> Any thoughts on what the problem is?

Had no time to browse the full thread yet, but just my few cents:
- Did you check TCP wrappers (/etc/hosts.allow and /etc/hosts.deny)? Like entries for portmap, nfsd, statd, rquotad, mountd and lockd.
- A link I used regarding configuring NFS through firewalls: http://www.lowth.com/LinWiz/nfs_help.html
  Though your firewall seems to be open, maybe it helps to clarify some things.

Cheers,
André

> Thanks,
> James
> 
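
Added example, not part of either post: a short Python script that cross-checks the rpcinfo registrations quoted above against the quoted nmap result, listing which RPC services sit on non-fixed ports and which registered TCP ports do not appear as open from the internal server. The `FIXED` set and the function names are assumptions of this example.

```python
import re

# Rows taken from the rpcinfo -p output quoted in the post (repeated versions trimmed).
RPCINFO = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    391002    2   tcp  32769  sgi_fam
    100011    1   udp    930  rquotad
    100011    2   tcp    933  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100021    4   udp  32781  nlockmgr
    100005    1   udp  32782  mountd
    100005    3   tcp  59483  mountd
"""
# Open TCP ports from the nmap table quoted in the post.
NMAP_OPEN_TCP = {22, 80, 111, 443, 933, 5001, 5801, 5901, 10000}
# Assumption: only these registrations use conventionally fixed ports.
FIXED = {("portmapper", 111), ("nfs", 2049)}
ROW = re.compile(r"\s*\d+\s+\d+\s+(tcp|udp)\s+(\d+)\s+(\S+)\s*$")

def parse_rpcinfo(text):
    """Map (service, proto) -> port, merging the per-version rows."""
    regs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # the header line does not match and is skipped
            regs[(m.group(3), m.group(1))] = int(m.group(2))
    return regs

def dynamic_ports(regs):
    """Registrations on ports outside the FIXED set (may change on restart)."""
    return {k: p for k, p in regs.items() if (k[0], p) not in FIXED}

def tcp_not_seen_open(regs, open_tcp):
    """TCP registrations whose port is absent from the scan's open list."""
    return sorted((svc, p) for (svc, proto), p in regs.items()
                  if proto == "tcp" and p not in open_tcp)

if __name__ == "__main__":
    regs = parse_rpcinfo(RPCINFO)
    for (svc, proto), port in sorted(dynamic_ports(regs).items()):
        print(f"dynamic: {svc:<10} {proto} {port}")
    for svc, port in tcp_not_seen_open(regs, NMAP_OPEN_TCP):
        print(f"registered but not in nmap open list: {svc} tcp/{port}")
```

A port absent from the open list was either reported closed or was outside the scanned set, so it is a candidate to test directly rather than proof of filtering.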



