config iptables to allow NFS-mount thru firewall: how? - Redhat


  1. config iptables to allow NFS-mount thru firewall: how?

    I have a newly-installed FC6 system. I want to NFS-mount a fs from
    the new system to an FC2 system.
    Right now I can't do so with the firewall running. I have tried
    various 'iptables' commands, all to no avail.
    Only when the firewall is totally disabled does the NFS-mount succeed.

    So: how does one config a firewall such that local filesystems can be
    NFS-mounted to remote systems?
    (And why is this seemingly documented nowhere?)

    Thanks to all,
    -Richard Vaughn


  2. Re: config iptables to allow NFS-mount thru firewall: how?

    On Mon, 19 Mar 2007 07:57:18 -0700, Richard Vaughn wrote:

    > I have a newly-installed FC6 system. I want to NFS-mount a fs from the
    > new system to an FC2 system.
    > Right now I can't do so with the firewall running. I have tried various
    > 'iptables' commands, all to no avail. Only when the firewall is totally
    > disabled does the NFS-mount succeed.
    >
    > So: how does one config a firewall such that local filesystems can be
    > NFS-mounted to remote systems?
    > (And why is this seemingly documented nowhere?)


    Open an x-term as root and run: tail -f /var/log/messages | grep <address of host system>

    Where the host system is the machine you're trying to troubleshoot the
    connection to.

    Attempt to make the NFS connection.

    This will show you the kernel messages from iptables for the traffic
    that's being blocked.

    Build your rules accordingly.


  3. Re: config iptables to allow NFS-mount thru firewall: how?

    On Mon, 19 Mar 2007 10:12:37 -0500, Ivan Marsh wrote:

    > On Mon, 19 Mar 2007 07:57:18 -0700, Richard Vaughn wrote:
    >
    >> I have a newly-installed FC6 system. I want to NFS-mount a fs from the
    >> new system to an FC2 system.
    >> Right now I can't do so with the firewall running. I have tried various
    >> 'iptables' commands, all to no avail. Only when the firewall is totally
    >> disabled does the NFS-mount succeed.
    >>
    >> So: how does one config a firewall such that local filesystems can be
    >> NFS-mounted to remote systems?
    >> (And why is this seemingly documented nowhere?)

    >
    > Open an x-term as root and run: tail -f /var/log/messages | grep <address of host system>
    >
    > Where the host system is the machine you're trying to troubleshoot the
    > connection to.
    >
    > Attempt to make the NFS connection.
    >
    > This will show you the kernel messages from iptables for the traffic
    > that's being blocked.
    >
    > Build your rules accordingly.


    NFS support daemons (mountd, rpc.lockd, etc) use dynamic ports for RPC.
    You will have to lock down to a specific set of ports in
    /etc/sysconfig/nfs. Here is an example:

    MOUNTD_PORT=777
    RQUOTAD_PORT=778
    LOCKD_TCPPORT=779
    LOCKD_UDPPORT=779

    Allow these ports through your iptables rules, in addition to 'nfs' and
    'sunrpc'.
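
The port pinning described in the post above, turned into firewall rules. This is an added example, not part of the original post: it reads an /etc/sysconfig/nfs-style file and prints (does not apply) one iptables rule per pinned port plus sunrpc (111) and nfs (2049), limited to one client range. The function names, the INPUT chain and the 192.0.2.0/24 client range are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules for an NFS server whose
# RPC helper daemons are pinned to fixed ports in /etc/sysconfig/nfs.

# Last uncommented KEY=value in FILE, with quotes and blanks stripped.
get_port() {
    awk -F= -v k="$1" '$1 == k { gsub(/[" \t]/, "", $2); v = $2 } END { print v }' "$2"
}

# True only for a decimal port number in 1-65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# nfs_fw_rules CONFIG CLIENT_CIDR [CHAIN]
# Fails without printing any rule if a daemon port is unset or invalid,
# since a daemon left on a dynamic port would still be blocked.
nfs_fw_rules() {
    conf=$1 src=$2 chain=${3:-INPUT}   # chain name is an assumption
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 1; }
    rules=""
    # port-or-key:protocols; 111 = sunrpc (portmapper), 2049 = nfs
    for spec in 111:tcp,udp 2049:tcp,udp MOUNTD_PORT:tcp,udp \
                RQUOTAD_PORT:tcp,udp LOCKD_TCPPORT:tcp LOCKD_UDPPORT:udp; do
        port=${spec%%:*}
        protos=${spec#*:}
        case $port in *[!0-9]*) key=$port; port=$(get_port "$key" "$conf") ;; esac
        valid_port "$port" || { echo "$key unset or invalid in $conf" >&2; return 1; }
        for proto in $(echo "$protos" | tr ',' ' '); do
            rules="$rules
iptables -I $chain -s $src -p $proto --dport $port -j ACCEPT"
        done
    done
    printf '%s\n' "${rules#?}"   # drop the leading newline
}

# Constructed sample using the port values from the post above.
sample=$(mktemp)
printf 'MOUNTD_PORT=777\nRQUOTAD_PORT=778\nLOCKD_TCPPORT=779\nLOCKD_UDPPORT=779\n' > "$sample"
nfs_fw_rules "$sample" 192.0.2.0/24   # documentation range standing in for the client
rm -f "$sample"
```

Review the printed rules before running them, and restart the NFS services after editing /etc/sysconfig/nfs so the daemons actually bind to the pinned ports.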


  4. Re: config iptables to allow NFS-mount thru firewall: how?

    In alt.comp.linux Richard Vaughn wrote:
    > I have a newly-installed FC6 system. I want to NFS-mount a fs from
    > the new system to an FC2 system.
    > Right now I can't do so with the firewall running. I have tried
    > various 'iptables' commands, all to no avail.
    > Only when the firewall is totally disabled does the NFS-mount succeed.
    >
    > So: how does one config a firewall such that local filesystems can be
    > NFS-mounted to remote systems?
    > (And why is this seemingly documented nowhere?)
    >
    >

    You may also want to look at sshfs as an alternative, especially if this is a
    one-off situation. sshfs will allow you to use ssh and FUSE to mount the
    filesystem--and since ssh is normally not blocked by firewalls, you shouldn't
    have any troubles there.

    Paul




    -------------------------------------------
    I judge a religion as being good or bad
    based on whether its adherents become
    better people as a result of practicing it.
    - Joe Mullally, computer salesman
    -------------------------------------------


  5. Re: config iptables to allow NFS-mount thru firewall: how?

    In news:1Jqdnf7ZkblppZzbnZ2dnUVZ_u_inZ2d@io.com,
    paul@paularcher.remove-this-part.org
    wrote:

    > ... and since ssh is normally not blocked by
    > firewalls, you shouldn't have any troubles there.


    Normally, *everything* is blocked by a _well-designed_ firewall except those
    ports specifically allowed to specific IP ranges.

