On May 13, 2012, at 12:38 PM, William D. Armstrong - BSSN wrote:

> I use this to access an NFS Solaris 11 from another interface.
>
> DMZ LAN
> TCP/UDP 172.16.42.10 * 10.0.1.138 111 * qACK/qOthersHigh WWW -> SUN Remote Procedure Call
> TCP/UDP 172.16.42.10 * 10.0.1.138 1110 * qACK/qOthersHigh WWW -> Cluster status info
> TCP/UDP 172.16.42.10 * 10.0.1.138 2049 * qACK/qOthersHigh WWW -> NFS server daemon
> TCP/UDP 172.16.42.10 * 10.0.1.138 4045 * qACK/qOthersHigh WWW -> NFS lock daemon manager
That's NFSv4, which is certainly much easier to firewall (that was part of their design decision). Prior versions of NFS required use of the portmapper, which is what makes all of this complicated.

I know that at my work, our central NAS appliance simply didn't have the feature of specifying static ports for NFSv3 portmapper interactions. So we had to allow based on IP addresses.

~irl
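Added example, not part of the original thread: a short Python script that reads `rpcinfo -p` output from an NFS server and separates the registrations a static firewall rule can name from the ones the portmapper handed out dynamically. The sample output is constructed, and treating 111, 2049 and 4045 as the fixed set is an assumption taken from the Solaris rules quoted above.

```python
import re

# Constructed sample of `rpcinfo -p` output from an NFSv3 server (not from the thread).
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   udp    111  rpcbind
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   tcp  38465  mountd
    100005    3   udp  41230  mountd
    100021    4   tcp   4045  nlockmgr
    100021    4   udp   4045  nlockmgr
    100024    1   tcp  52344  status
"""

# Assumption: ports that stay put across restarts on the server in question
# (rpcbind, nfsd, and the lock manager port from the quoted Solaris rules).
FIXED_PORTS = {111, 2049, 4045}

def parse_rpcinfo(text):
    """Return a sorted list of unique (service, proto, port) registrations."""
    rows = set()
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\d+)\s+(tcp|udp)\s+(\d+)(?:\s+(\S+))?\s*$", line)
        if not m:
            continue  # header or blank line
        prog, _vers, proto, port, name = m.groups()
        rows.add((name or f"prog-{prog}", proto, int(port)))
    return sorted(rows)

def firewall_plan(rows):
    """Split registrations into statically rule-able ports and dynamic ones."""
    plan = {"static": [], "dynamic": []}
    for service, proto, port in rows:
        key = "static" if port in FIXED_PORTS else "dynamic"
        plan[key].append((service, proto, port))
    return plan

if __name__ == "__main__":
    plan = firewall_plan(parse_rpcinfo(SAMPLE_RPCINFO))
    for svc, proto, port in plan["static"]:
        print(f"allow {proto}/{port:<5} # {svc}")
    for svc, proto, port in plan["dynamic"]:
        print(f"pin on server or allow by IP: {svc} {proto}/{port} (assigned by rpcbind)")
```

Anything listed as dynamic will move after a service restart, so it either needs a fixed port configured on the server or an IP-based allow rule as described in the reply.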
