nfs4 ubuntu firewall

An NFS exchange server normally works out of the box. But if you run a firewall script such as iptables on your system, NFS connections will fail.

Why is the big question … NFS works with RPC (Remote Procedure Call). This means that ports are allocated randomly. One way is to make your firewall aware of RPC, so that the specific port is opened and closed as needed.

An easier option is to modify the nfs-kernel-server itself.

First modify /etc/default/nfs-common:
go to line STATDOPTS and add:

STATDOPTS="--port 4000"

Next, modify /etc/default/nfs-kernel-server:
go to RPCMOUNTDOPTS and add:

RPCMOUNTDOPTS="--port 4002"

And now you need to export your nfs folder. I have a separate partition for /export for NFS.

Modify /etc/exports:

/export/home 192.168.178.0/24(rw,nohide,insecure,no_subtree_check,async)

Now please restart the nfs-kernel-server

/etc/init.d/nfs-kernel-server restart

To finalize your NFS server, go to your firewall, open ports 2049, 4000 and 4002 for TCP and UDP, and restart your firewall filter.
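
The firewall step as a script, added here as an example and not part of the original post: it reads the pinned statd and mountd ports back from the two defaults files and prints matching iptables rules, so the firewall cannot drift from the daemon settings. Limiting the rules to the 192.168.178.0/24 network from /etc/exports and appending to the INPUT chain are assumptions; the function names are hypothetical and the script only prints the commands.

```shell
#!/bin/sh
NFS_PORT=2049                # nfsd port, as in the mount command
CLIENT_NET=192.168.178.0/24  # client network, as in /etc/exports (assumed scope)

# pinned_port VAR FILE: print the port set with -p/--port in VAR="..."
pinned_port() {
    # last uncommented VAR=... line, with the quotes stripped
    opts=$(sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'")
    prev=
    for word in $opts; do
        case $word in --port=*) prev=--port; word=${word#--port=} ;; esac
        case $prev in
            -p|--p|--port)
                case $word in ''|*[!0-9]*) return 1 ;; esac
                echo "$word"; return 0 ;;
        esac
        prev=$word
    done
    return 1   # no port option: the daemon would pick a random port
}

# nfs_fw_rules COMMON_FILE SERVER_FILE: print one rule per port and protocol
nfs_fw_rules() {
    statd=$(pinned_port STATDOPTS "$1") || { echo "statd port not pinned" >&2; return 1; }
    mountd=$(pinned_port RPCMOUNTDOPTS "$2") || { echo "mountd port not pinned" >&2; return 1; }
    for port in "$NFS_PORT" "$statd" "$mountd"; do
        for proto in tcp udp; do
            echo "iptables -A INPUT -s $CLIENT_NET -p $proto --dport $port -j ACCEPT"
        done
    done
}

# Constructed sample files pinning the ports used on this page (4000, 4002)
demo=$(mktemp -d)
echo 'STATDOPTS="--port 4000"' > "$demo/nfs-common"
echo 'RPCMOUNTDOPTS="--port 4002"' > "$demo/nfs-kernel-server"
nfs_fw_rules "$demo/nfs-common" "$demo/nfs-kernel-server"
rm -rf "$demo"
```

On the server, call nfs_fw_rules with /etc/default/nfs-common and /etc/default/nfs-kernel-server; it fails instead of printing rules when either port is not pinned.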

 

To mount your firewall-protected NFS server, just add “proto” to your mount command and give values for the protocol and port number to use:

mount -t nfs4 -o proto=tcp,port=2049 192.168.178.253:/export/home /mnt

 

 

