Bill Davidsen wrote:
I have a firewall problem with running an NFS server on FC6 or FC8, due
to the GUI configuration interface not opening the firewall when I check
the NFS protocol support. It seems to only allow use as an NFS client,
since that worked fine when I tested it.
I can put the needed rules in the "RH-Firewall-1-INPUT" chain, but
mixing GUI administration and manual administration is undesirable to
prevent unexpected behavior, conflicts, etc, in the future. Is there
really no way to open the ports for NFS server other than by hand?
I've just been down this path. I found a HOWTO by several authors,
including Mr Yum. Are you listening?
It was very old, but gave the basic information. Some of the details are
wrong for current Linux distributions.
I use shorewall firewall (on CentOS4 at home, Debian at work).
A part of the problem is that ports float, so first you need to tie
those down.
I discovered what to tie them to by finding what they were using at the
time. I used lsof, but netstat can do it too.
I examined the nfs startup script to discover how to lock them down, and
came to this. These are the values I have:
[root@js ~]# cat /etc/sysconfig/nfs
LOCKD_TCPPORT=32768
LOCKD_UDPPORT=32788
RQUOTAD_PORT=621
MOUNTD_PORT=640
[root@js ~]#
Then, I opened those ports as usual.
My NFS is working, but the real test comes next time I boot the
server/firewall.
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
Please do not reply off-list
