On Fri, Feb 20, 2026 at 03:05:22AM +0000, bios_23498234908 wrote:
> I cannot mount my Debian NFS share on openBSD 7.7.
> I've opened ports 111 and 2049 on my Debian share.
> Portmap is running on openBSD and the Debian share won't
> mount thrugh the firewall. Only when I turn off the Debian firewall
> will the share mount in openBSD. Please help me. What ports should I use?
> Thanks ladies and gentlemen.
>
> My mount cmmand is as follows (works when firewall is entirely down).
> Might be a Debian isssue or an openBSD port issue.
Given it works when you disable the firewall on the Debian side, this
implies it is not a problem on the OpenBSD side.
NFS runs over various ports and you're correct to allow 111 and 2049,
but it uses other ports for other services, definitely mountd (part
of the mounting process), but depending on the implementations there are
other services that may be used. The portmapper allows finding these
services (running on port 111, which you have allowed).
You can see what ports are registered with the portmapper with:
rpcinfo -p host
Portmapper allows ports to be dynamic. At least on a Debian NFS server
here I see the ports for the mountd service change when I restart it.
Firewalling that is obviously fraught, but not an OpenBSD problem.
See this part of the Debian manpage for rpc.mountd(8):
-p or --port num
Specifies the port number used for RPC listener sockets. If this
option is not specified, rpc.mountd chooses a random ephemeral
port for each listener socket. This option can be used to fix
the port value of rpc.mountd's listeners when NFS MOUNT requests
must traverse a firewall between clients and servers.
