Without iptables rules I am able to mount my NFSSERVER:/PATH, but with it (firewall/iptables) enabled I am not able to mount.
[e.g., after iptables --flush / firewalld stop; mount NFSSERVER:/Path works]
I am not supposed to disable/clear the firewall/iptables, but I am allowed to open a port. What is the rule that I need to add to open up the port/mount?
Current default policy is DROP all INCOMING/OUTGOING/FORWARD and there are a couple of rules to allow wget from external port 80 etc.
Adding the NFS server port didn't help.
iptables -A OUTPUT -p tcp --dport 2049 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 2049 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp --dport 2049 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --sport 2049 -m state --state ESTABLISHED -j ACCEPT
Thanks.
PS: This is for the NFS client, not the NFS server machine.
If all you need is NFS version 4 (which is already over 10 years old), you don't need to go to all of the effort described in @Sathish's answer. Just make sure TCP port 2049 is open in the server's firewall, and that the client's firewall allows outbound traffic to port 2049 on the server.
CentOS 5 (also old) has a nice explanation of why NFSv4 is more firewall friendly than v3 and v2.
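The NFSv4-only case described in the answer above, as an added example that is not part of the original question or answer: a dry-run generator for client-side rules scoped to one server, plus a mount command that pins the protocol to version 4 over TCP. The function names, the address 192.0.2.10, the export path and the mount point are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Prints the client-side rules
# for an NFSv4-only mount under a default-DROP policy; nothing is applied.

# nfs4_client_rules <server IPv4>
# Rules are pinned to the server address so port 2049 is not opened to
# every destination. An IPv4 literal is required: with OUTPUT set to DROP,
# name resolution may itself be blocked.
nfs4_client_rules() {
    server="$1"
    case "$server" in
        ''|*[!0-9.]*)
            echo "usage: nfs4_client_rules <server IPv4 address>" >&2
            return 1 ;;
    esac
    # -I ... 1 places each rule ahead of any explicit DROP/REJECT rules.
    # "-m conntrack --ctstate" is the current form of "-m state --state".
    cat <<EOF
iptables -I OUTPUT 1 -p tcp -d $server --dport 2049 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -I INPUT 1 -p tcp -s $server --sport 2049 -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# nfs4_mount_cmd <server IPv4> <export path> <mount point>
# vers=4 keeps the client from trying NFSv3, which also needs rpcbind and
# mountd ports that the two rules above do not open.
nfs4_mount_cmd() {
    if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
        echo "usage: nfs4_mount_cmd <server> <export> <mountpoint>" >&2
        return 1
    fi
    echo "mount -t nfs -o vers=4,proto=tcp $1:$2 $3"
}

# Demo with constructed values (192.0.2.10 is a documentation address).
nfs4_client_rules 192.0.2.10
nfs4_mount_cmd 192.0.2.10 /export /mnt/nfs
```

Review the printed commands, then run them as root; `iptables -S OUTPUT` and `iptables -S INPUT` show where the rules landed.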