Gentoo Archives: gentoo-user

From: Dan Farrell <dan@×××××××××.cx>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] [OT] NFS through a firewall
Date: Sat, 12 Apr 2008 01:08:30
Message-Id: 20080411200826.4db01288@pascal.spore.ath.cx
In Reply to: [gentoo-user] [OT] NFS through a firewall by Roger Mason
On Fri, 11 Apr 2008 11:19:11 -0230
Roger Mason <rmason@×××××××.ca> wrote:

> Hello,
>
> I'm trying to configure the firewall on a client to allow that client
> to mount an nfs directory. The client runs a netfilter firewall, the
> server uses tcpwrapper.
>
> rpcinfo -p on the server shows:
>
> beryl rmason # rpcinfo -p
>    program vers proto   port
>     100000    2   tcp    111  portmapper
>     100000    2   udp    111  portmapper
>     100024    1   udp  32765  status
>     100024    1   tcp  32765  status
>     100003    2   udp   2049  nfs
>     100003    3   udp   2049  nfs
>     100003    2   tcp   2049  nfs
>     100003    3   tcp   2049  nfs
>     100021    1   udp   4001  nlockmgr
>     100021    3   udp   4001  nlockmgr
>     100021    4   udp   4001  nlockmgr
>     100021    1   tcp   4001  nlockmgr
>     100021    3   tcp   4001  nlockmgr
>     100021    4   tcp   4001  nlockmgr
>     100005    1   udp  32767  mountd
>     100005    1   tcp  32767  mountd
>     100005    2   udp  32767  mountd
>     100005    2   tcp  32767  mountd
>     100005    3   udp  32767  mountd
>     100005    3   tcp  32767  mountd
>
> When I try to mount the exported directory when the firewall is
> running I get a timeout:
>
> minnie ~ $ mount -v Help/
> mount: trying 134.153.37.5 prog 100003 vers 3 prot tcp port 2049
> mount: trying 134.153.37.5 prog 100005 vers 3 prot udp port 32767
> mount: mount to NFS server 'beryl.esd.mun.ca' failed: timed out
> (retrying).
>
> If I drop the client firewall the mount succeeds.
>
> Can someone help me figure out what must be put in my iptables script
> to get this to work?

Accept all incoming and outgoing connections on the client that
originate from or go to the server. It would look something like this:

iptables -I INPUT -s 134.153.37.55 -j ACCEPT
iptables -I OUTPUT -d 134.153.37.55 -j ACCEPT

Now make sure those will work with your config before just blindly
setting them up!

Best of luck! Hope it works.

-- Dan
--
gentoo-user@l.g.o mailing list
