James Melin wrote:
Good morning (or evening, depending) everyone.

I am hoping someone can shed some light on something for me...

Trying to do a read-only NFS export of a directory through the DMZ firewall to a 
local Linux instance. From what I have read, NFSV4 uses port 2049 to
make its connections. Presumably this is for both client and server as I've 
seen nothing about such a distinction.

Both systems are SLES-10 SP1. When the external firewall rules are set specifically to 
allow port 2049 between the two machines it fails with a "mount
server reported tcp not available, falling back to udp" error and then 
eventually just gives up.

When the firewall is set to allow all connections between these two hosts it 
works. So obviously port 2049 isn't really it, or it isn't all of the
answer.

So, what am I missing?

Hi James,
I've just got this setup working for SLES10 SP1 but with NFS V3.

Problem is made difficult by the dynamic allocations of ports via the
portmapper.
You can display the ports on both the NFS Server and Client using:
rpcinfo -p

You need to "fix" the ports for rpc.mountd and the lockd, so that you
have known ports to add to your firewall.

For the mountd you need to edit /etc/sysconfig/nfs and add a line
similar to the following:
MOUNTD_PORT="745"

For the lockd, it's a kernel module, so edit /etc/modprobe.conf and add 2
lines:
options lockd nlm_tcpport=28575
options lockd nlm_udpport=28575

Ensure that you have set these ports into your
/etc/sysconfig/SuSEfirewall2 file!
Also note that this needs to be done on both Server and Client for
notification of NFS Server restarts etc.

Mark

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
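
Added example (not part of the original messages): a shell check that compares `rpcinfo -p` output against the ports opened in the firewall and lists every RPC registration the firewall would still block. The sample output is constructed; the allow list assumes portmapper on 111, NFS on 2049, and the mountd and lockd ports from the reply above.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output after pinning mountd and lockd.
# The "status" (rpc.statd) ports are made-up dynamic values.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  28575  nlockmgr
    100021    4   udp  28575  nlockmgr
    100021    1   tcp  28575  nlockmgr
    100021    4   tcp  28575  nlockmgr
    100005    3   udp    745  mountd
    100005    3   tcp    745  mountd
    100024    1   udp  32768  status
    100024    1   tcp  32769  status
EOF
}

# blocked_rpc_ports "<space-separated allowed ports>"
# Reads `rpcinfo -p` output on stdin and prints "service proto port" once for
# each registration whose port is missing from the allow list.
blocked_rpc_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Data rows have a numeric port in column 4; the header does not.
        $4 ~ /^[0-9]+$/ && !($4 in ok) {
            name = (NF >= 5) ? $5 : "prog-" $1   # some rows carry no service name
            key = name " " $3 " " $4
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    '
}

# Run against the constructed sample with the firewall allow list.
# On a live host: rpcinfo -p | blocked_rpc_ports "111 2049 745 28575"
sample_rpcinfo | blocked_rpc_ports "111 2049 745 28575"
```

Any line it prints is a service still on a port the firewall does not pass; an empty result means every registered RPC service is covered by the allow list.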