On Thu, Dec 12, 2013 at 5:01 PM, Juan Pablo Lorier <jplor...@gmail.com> wrote: ... > # nfs > -A INPUT -p tcp -m tcp --dport 111 -j ACCEPT > -A INPUT -p tcp -m tcp --dport 38467 -j ACCEPT > -A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT > -A INPUT -p udp -m udp --dport 2049 -j ACCEPT > -A INPUT -p udp -m udp --dport 41729 -j ACCEPT > -A INPUT -p tcp -m tcp --dport 48491 -j ACCEPT > -A INPUT -p udp -m udp --dport 43828 -j ACCEPT > -A INPUT -p tcp -m tcp --dport 48491 -j ACCEPT > -A INPUT -p udp -m udp --dport 47492 -j ACCEPT > -A INPUT -p tcp -m tcp --dport 58837 -j ACCEPT
The above rules might break after a reboot. Best practice is to set the normally dynamic nfs ports to fixed values in /etc/sysconfig/nfs and then open those ports in the firewall. > > Now I'm changing the settings by overriding the defaults in the domain > and auto negotiating the protocol. This firewall correction may be a > good thing to add in the deploy. Are you doing this on a node or on your engine server? The engine-setup configured both /etc/sysconfig/nfs and iptables for me on my engine server (for the iso domain). _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
