On Wed, 14 Nov 2007 17:02:51 -0500, Bill Davidsen wrote:
> I have a firewall problem with running an NFS server on FC6 or FC8, due
> to the GUI configuration interface not opening the firewall when I check
> the NFS protocol support. It seems to only allow use as an NFS client,
> since that worked fine when I tested it.
>
> I can put the needed rules in the "RH-Firewall-1-INPUT" chain, but
> mixing GUI administration and manual administration is undesirable to
> prevent unexpected behavior, conflicts, etc, in the future. Is there
> really no way to open the ports for NFS server other than by hand?
>
> --
> Bill Davidsen <davidsen@xxxxxxx>
> "We have more to fear from the bungling of the incompetent than from
> the machinations of the wicked." - from Slashdot

Here's what you do. Or rather what I did and have always been doing.

[root@phoenix ~]# cat /etc/sysconfig/nfs | grep -v "#"
RQUOTAD_PORT=4000
LOCKD_TCPPORT=4001
LOCKD_UDPPORT=4001
MOUNTD_PORT=4002
STATD_PORT=4003

(or whatever ports you want as long as they are not taken).

Open these ports in the firewall. You can do this very well from the GUI in System->Administration->Firewall. Just click on other ports and add

111 tcp (portmapper)
111 udp (portmapper)
4000-4003 tcp (whatever you defined in nfs)
4000-4003 udp (ditto)

Note you don't need 4000 4002 and 4003 udp so you can be a little more strict, but I didn't bother, I opened up the whole range 4000-4003 udp.

Restart firewall, restart nfs, done.

Check on the server that the rpc services are running on the prescribed ports, and check from a client that you can see the server exports with showmount. For instance, if my nfs server is called phoenix, and a client is called orion, then

[root@orion ~]# showmount -e phoenix
Export list for phoenix:
/opt 192.168.1.0/24,192.168.0.0/24
/home 192.168.1.0/24
/data 192.168.1.0/24,192.168.0.0/24

By the way, if you have the automounter running on the client, you do not need to enter the nfs partitions in fstab, etc.
You may know this already.
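
The server-side check mentioned in the reply above (that the RPC services are registered on the ports pinned in /etc/sysconfig/nfs), as an added example that is not part of the original post. The function name `check_nfs_ports` is hypothetical and the `rpcinfo -p` listing is constructed sample data; on a real server you would feed it the saved output of `rpcinfo -p`.

```shell
#!/bin/sh
# check_nfs_ports CONF RPCINFO  (hypothetical helper, not a Fedora tool)
#   CONF:    file in /etc/sysconfig/nfs format
#   RPCINFO: saved output of `rpcinfo -p`
# Prints each registration that is off its pinned port; returns 1 if any.
check_nfs_ports() {
    awk '
    mode == "conf" {                      # KEY=value lines, comments ignored
        sub(/#.*/, "")
        if (split($0, kv, "=") != 2) next
        gsub(/[ \t"]/, "", kv[1]); gsub(/[ \t"]/, "", kv[2])
        if (kv[1] == "RQUOTAD_PORT")  want["rquotad/tcp"] = want["rquotad/udp"] = kv[2]
        if (kv[1] == "LOCKD_TCPPORT") want["nlockmgr/tcp"] = kv[2]
        if (kv[1] == "LOCKD_UDPPORT") want["nlockmgr/udp"] = kv[2]
        if (kv[1] == "MOUNTD_PORT")   want["mountd/tcp"] = want["mountd/udp"] = kv[2]
        if (kv[1] == "STATD_PORT")    want["status/tcp"] = want["status/udp"] = kv[2]
        next
    }
    $1 ~ /^[0-9]+$/ {                     # program vers proto port service
        key = $5 "/" $3
        if ((key in want) && $4 != want[key]) {
            printf "MISMATCH %s on port %s, pinned to %s\n", key, $4, want[key]
            bad = 1
        }
    }
    END { exit bad + 0 }' mode=conf "$1" mode=rpc "$2"
}

# Constructed sample data: the settings from the post, and an rpcinfo listing
# in which mountd/udp still sits on a random port the firewall does not allow.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/nfs" <<'EOF'
RQUOTAD_PORT=4000
LOCKD_TCPPORT=4001
LOCKD_UDPPORT=4001
MOUNTD_PORT=4002
STATD_PORT=4003
EOF
cat > "$tmp/rpcinfo" <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100011    1   udp   4000  rquotad
    100021    1   tcp   4001  nlockmgr
    100005    1   udp  38465  mountd
    100005    1   tcp   4002  mountd
    100024    1   udp   4003  status
EOF
check_nfs_ports "$tmp/nfs" "$tmp/rpcinfo" || echo "re-check /etc/sysconfig/nfs and restart nfs"
```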