On Mon, 2006-05-15 at 14:27 -0500, Hongwei Li wrote: > Hi, > > I have a question about iptables in fc5. I have iptables 1.3.5-1.2 installed. > By default, the iptables has a line > -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT > ... and > -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited > > I try to add the port 2049 for our lan nfs by adding aline before the above > reject line: > You're also going to need to unblock ports for portmapper, mountd, rquotad, and (maybe) rstatd and nfslockd. I don't use the last two on my home systems. Create a file on the server at /etc/sysconfig/nfs that will bind mountd and rquotad to fixed ports (I use 922 and 923, but you don't have to). [root@petrel ~]# cat /etc/sysconfig/nfs export MOUNTD_PORT=922 export RQUOTAD_PORT=923 Then, in /etc/sysconfig/iptables, add the following rules (change the -s address as appropriate, or remove it altogether): -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 922 -j ACCEPT -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp --dport 922 -j ACCEPT -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 923 -j ACCEPT -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp --dport 923 -j ACCEPT -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p udp --dport 111 -j ACCEPT -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -p tcp --dport 2049 -j ACCEPT -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT
