On Fri, 11 Apr 2008 11:19:11 -0230
Roger Mason <rmason@×××××××.ca> wrote:

> Hello,
>
> I'm trying to configure the firewall on a client to allow that client
> to mount an nfs directory. The client runs a netfilter firewall, the
> server uses tcpwrapper.
>
> rpcinfo -p on the server shows:
>
> beryl rmason # rpcinfo -p
> program vers proto port
> 100000 2 tcp 111 portmapper
> 100000 2 udp 111 portmapper
> 100024 1 udp 32765 status
> 100024 1 tcp 32765 status
> 100003 2 udp 2049 nfs
> 100003 3 udp 2049 nfs
> 100003 2 tcp 2049 nfs
> 100003 3 tcp 2049 nfs
> 100021 1 udp 4001 nlockmgr
> 100021 3 udp 4001 nlockmgr
> 100021 4 udp 4001 nlockmgr
> 100021 1 tcp 4001 nlockmgr
> 100021 3 tcp 4001 nlockmgr
> 100021 4 tcp 4001 nlockmgr
> 100005 1 udp 32767 mountd
> 100005 1 tcp 32767 mountd
> 100005 2 udp 32767 mountd
> 100005 2 tcp 32767 mountd
> 100005 3 udp 32767 mountd
> 100005 3 tcp 32767 mountd
>
> When I try to mount the exported directory when the firewall is
> running I get a timeout:
>
> minnie ~ $ mount -v Help/
> mount: trying 134.153.37.5 prog 100003 vers 3 prot tcp port 2049
> mount: trying 134.153.37.5 prog 100005 vers 3 prot udp port 32767
> mount: mount to NFS server 'beryl.esd.mun.ca' failed: timed out
> (retrying).
>
> If I drop the client firewall the mount succeeds.
>
> Can someone help me figure out what must be put in my iptables script
> to get this to work?

Accept all incoming and outgoing connections on the client that
originate from or go to the server. It would look something like this:

iptables -I INPUT -s 134.153.37.5 -j ACCEPT
iptables -I OUTPUT -d 134.153.37.5 -j ACCEPT

Now make sure those will work with your config before just blindly
setting them up!

Best of luck! Hope it works.

-- Dan
--
gentoo-user@l.g.o mailing list
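
A narrower alternative to accepting everything from the server, as an added example that is not part of the original thread: the script below prints (it does not apply) per-port client rules derived from the `rpcinfo -p` listing in the question, plus one stateful rule for the replies. The function names, the use of `-m conntrack` and appending with `-A` are assumptions; place the rules ahead of any DROP or REJECT in your own chains.

```shell
#!/bin/sh
# Added example: print (not apply) per-port rules for an NFS client,
# derived from the server's `rpcinfo -p` listing.

# Usage: nfs_client_rules SERVER_IP < rpcinfo-output  (name is hypothetical)
nfs_client_rules() {
    server=$1
    # Replies to traffic the client started (lets the UDP mountd answer in).
    echo "iptables -A INPUT -s $server -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    awk -v srv="$server" '
        # Columns: program vers proto port service; skip header and junk.
        $3 != "tcp" && $3 != "udp" { next }
        $4 !~ /^[0-9]+$/ || $4 < 1 || $4 > 65535 { next }
        !seen[$3 "/" $4]++ {
            printf "iptables -A OUTPUT -d %s -p %s --dport %s -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT\n", srv, $3, $4
        }'
}

# The rpcinfo listing quoted in the thread, embedded so this runs offline.
sample_rpcinfo() {
    cat <<'EOF'
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32765 status
100024 1 tcp 32765 status
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100021 1 udp 4001 nlockmgr
100021 3 udp 4001 nlockmgr
100021 4 udp 4001 nlockmgr
100021 1 tcp 4001 nlockmgr
100021 3 tcp 4001 nlockmgr
100021 4 tcp 4001 nlockmgr
100005 1 udp 32767 mountd
100005 1 tcp 32767 mountd
100005 2 udp 32767 mountd
100005 2 tcp 32767 mountd
100005 3 udp 32767 mountd
100005 3 tcp 32767 mountd
EOF
}

sample_rpcinfo | nfs_client_rules 134.153.37.5
```

These rules cover only connections the client opens; lock and status callbacks that the server initiates toward the client's own nlockmgr and status ports would need separate INPUT rules.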