On Wed, Sep 07, 2011 at 01:38:28PM -0700, Christ Schlacta wrote:
> I installed the universal configuration, then followed the guide to
> enable NFS, but NFS failed miserably whenever shorewall was started or
> stopped. only cleared allowed NFS traffic to function properly. I'm
> using ubuntu 11.4, which I believe is using nfs4. sec is set to
> sec=sys. not sure if more ports are needed, or different ports, or if
> shorewall has done something unusual. I had to purge shorewall about a
> week ago to ensure the system functions, so I can't provide a dump at
> the moment, but if one is absolutely critical to proceeding to debug
> this issue, I can schedule some downtime to the nfs server to acquire a
> dump in the next few days.
>

I run Shorewall on a system that serves up filesystems as NFSv4. Here
are the rules I use:

ACCEPT  loc  $FW  tcp  111
ACCEPT  loc  $FW  udp  111
ACCEPT  loc  $FW  tcp  2049
ACCEPT  loc  $FW  udp  2049
ACCEPT  loc  $FW  tcp  32765:32769
ACCEPT  loc  $FW  udp  32765:32769

In /etc/default/nfs-kernel-server, I have:

RPCMOUNTDOPTS="-p 32767"

In /etc/default/nfs-common, I have:

STATDOPTS="--port 32765 --outgoing-port 32766"

I think the key is *telling* the services what ports to use. Otherwise,
they use random ports and traffic will probably not be allowed through.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
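
Added example, not part of the original message: one way to confirm that every RPC service really is pinned inside the ports the rules above accept is to compare `rpcinfo -p` output against them. The function name, the `ALLOWED` variable and the sample registrations (including the `nlockmgr` ports) are constructed for illustration.

```shell
#!/bin/sh
# Ports and ranges accepted (tcp and udp) by the Shorewall rules in the message.
ALLOWED="111 2049 32765:32769"

# Constructed sample of `rpcinfo -p` output; not captured from a real host.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100003    4   tcp   2049  nfs
    100021    1   udp  45871  nlockmgr
    100021    4   udp  45871  nlockmgr
    100021    1   tcp  38467  nlockmgr
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
EOF
}

# Read `rpcinfo -p` output on stdin and print "service/proto port" once for
# each registration whose port is outside $ALLOWED (nothing if all are pinned).
unpinned_services() {
    awk -v allowed="$ALLOWED" '
        BEGIN {
            n = split(allowed, spec, " ")
            for (i = 1; i <= n; i++) {
                m = split(spec[i], r, ":")          # "lo:hi" or a single port
                lo[i] = r[1] + 0
                hi[i] = (m == 2 ? r[2] : r[1]) + 0
            }
        }
        $1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {        # skips the header line
            ok = 0
            for (i = 1; i <= n; i++)
                if ($4 + 0 >= lo[i] && $4 + 0 <= hi[i]) ok = 1
            name = ($5 == "" ? $1 : $5)             # fall back to program number
            key = name "/" $3 " " $4
            if (!ok && !(key in seen)) { seen[key] = 1; print key }
        }'
}

# On a live server: rpcinfo -p | unpinned_services
sample_rpcinfo | unpinned_services
```

Any service it lists is still registered on a port outside the accepted set, so its traffic would not match the ACCEPT rules.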
