Iptables Rules for NFS Server and NFS Client

resultsway · Oct 3, 2014 · Viewed 41k times

Without iptables rules I am able to mount my NFSSERVER:/PATH, but with it (firewall/iptables) enabled I am not able to mount.

[e.g., after iptables --flush / firewalld stop; mount NFSSERVER:/Path works]

I am not supposed to disable/clear the firewall/iptables but I am allowed to open a port. What is the rule that I need to add to open up the port/mount?

Current default policy is DROP for all INCOMING/OUTGOING/FORWARD, and there are a couple of rules to allow wget from external port 80, etc.

Adding the NFS server port didn't help:

# TCP: let the client open a connection to the server's NFS port and accept the replies
iptables -A OUTPUT -p tcp --dport 2049 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 2049 -m state --state ESTABLISHED -j ACCEPT
# UDP: the same for NFS over UDP
iptables -A OUTPUT -p udp --dport 2049 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --sport 2049 -m state --state ESTABLISHED -j ACCEPT

Thanks.

PS: This is for the NFS client, not the NFS server machine.

Answer

Mike Gleason · Mar 3, 2016

If all you need is NFS version 4 (which is already over 10 years old), you don't need to go to all of the effort described in @Sathish's answer. Just make sure TCP port 2049 is open on the server's firewall, and that the client's firewall allows outbound traffic to port 2049 on the server.

CentOS 5 (also old) has a nice explanation of why NFSv4 is more firewall friendly than v3 and v2.
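Added example, not code from the question or the answer: a small sh script that emits (and, as root, can apply) the NFSv4-only iptables rules the answer describes, for both the client and the server, restricted to the peer address rather than matching any host on port 2049. The addresses 192.0.2.10 and 192.0.2.0/24 are constructed placeholders; it assumes `iptables` with the `conntrack` match, and that the client mounts with `-o vers=4` so it does not fall back to v3 (which would need rpcbind on 111 and mountd as well).

```shell
#!/bin/sh
# Added example: NFSv4-only firewall rules (TCP 2049), client and server side.
# Placeholder addresses; replace with the real NFS server / client network.
NFS_SERVER="${NFS_SERVER:-192.0.2.10}"          # constructed example server address
NFS_CLIENT_NET="${NFS_CLIENT_NET:-192.0.2.0/24}" # constructed example client network

# Rules for the NFS client under a default-DROP policy: allow a NEW outbound TCP
# connection to the server's port 2049 and the matching replies back in.
# No rpcbind (111), mountd or UDP rules are needed for a v4-only mount.
nfs4_client_rules() {
    server="$1"
    printf '%s\n' \
      "iptables -A OUTPUT -p tcp -d $server --dport 2049 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT" \
      "iptables -A INPUT -p tcp -s $server --sport 2049 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Rules for the NFS server: accept NEW connections to 2049 only from the
# client network, and let the replies out.
nfs4_server_rules() {
    clients="$1"
    printf '%s\n' \
      "iptables -A INPUT -p tcp -s $clients --dport 2049 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT" \
      "iptables -A OUTPUT -p tcp -d $clients --sport 2049 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Apply a rule set read from stdin (requires root and iptables).
apply_rules() {
    while IFS= read -r rule; do
        eval "$rule"
    done
}

# Check whether the client's OUTPUT chain already allows server:2049/tcp.
# Exit status 0 when the rule is present (iptables -S prints the host as /32).
client_rule_present() {
    iptables -S OUTPUT 2>/dev/null | grep -q -- "-d $1/32 .*--dport 2049"
}

case "${1:-}" in
  client) nfs4_client_rules "$NFS_SERVER" | apply_rules ;;
  server) nfs4_server_rules "$NFS_CLIENT_NET" | apply_rules ;;
  show)   nfs4_client_rules "$NFS_SERVER"; nfs4_server_rules "$NFS_CLIENT_NET" ;;
  check)  client_rule_present "$NFS_SERVER" && echo "client rule present" ;;
esac
```

Run `sh nfs4-fw.sh show` to review the rules before applying them with `client` or `server` on the respective machine.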