NFS is blocked by firewall

I have 2 openSUSE 11.1 machines, a desktop and a laptop. I want to set up an NFS share between them with the desktop as the server and the laptop as a client.

I’ve downloaded all the packages for the nfs server and have started the nfs server on the desktop. However, the laptop can only see the desktop when firewalls on both machines are turned off. When I turn the firewalls on, even with every service port open (well, the ones YaST gives me options for anyway), the client can’t find the nfs server host. How do I configure the firewall so that when it’s on I can use NFS?

Thanks.

I believe the port is 2049 so add that in your Advanced list under TCP
(I believe). Otherwise check a LAN trace and see where packets are
hitting a firewall. You could also check /var/log/firewall to possibly
see the same thing more easily.

Good luck.

aces high wrote:
> I have 2 openSUSE 11.1 machines, a desktop and a laptop. I want to set up
> an NFS share between them with the desktop as the server and the laptop
> as a client.
>
> I’ve downloaded all the packages for the nfs server and have started
> the nfs server on the desktop. However, the laptop can only see the
> desktop when firewalls on both machines are turned off. When I turn the
> firewalls on, even with every service port open (well the ones YaST
> gives me options for anyway) the client can’t find the nfs server host.
> How do I configure the firewall so that when it’s on I can use NFS?
>
> Thanks.
>
>

NFS is problematic for firewalls because of the number of RPC services involved which are normally at floating ports. rpc.mountd can be instructed to use a fixed port which you allow through the firewall, by editing /etc/sysconfig/nfs, setting MOUNTD_PORT to some suitable port. This might be good to do anyway, because I once found that rpc.mountd had clashed with cups just by accident.

You may or may not need to do something similar to rpc.statd, but this one doesn’t have a sysconfig setting; you have to edit the file /etc/init.d/nfsserver and add -p <port> to the rpc.statd invocation.

I’m unsure what port to use. I don’t want to screw something else up by using a port that’s already in use. Is there a good range I can pick a port number from? Sorry if that’s a bit of a noob question :slight_smile:

Also, same question for rpc.statd: any suggestion on a port number for that?

One last thing: apart from the two ports for rpc.mountd and rpc.statd, are there any other ports I should open in the firewall?

Many thanks.

I don’t think there are officially assigned ports for mountd and statd, unfortunately, so no help from that area. This posting claims that it dynamically allocates a port in the range 48000 upwards and that appears to be correct from observing my mountd.

IT Resource Center forums - what port range does rpc.mountd use?

So just assign a random unused port above 48000. Don’t use numbers below 1024, it’s very crowded down there.

You may not need to give access to rpc.statd if the server is stable, see the man page for what it does.

Well I’ve tried two setups and neither worked :’(

---- 1 ----
set rpc.mountd to port 48000
opened port 48000 on TCP and UDP on the firewall
opened every service on the firewall
client firewall disabled

---- 2 ----
set rpc.mountd to port 48000
set rpc.statd to port 48001 in /etc/init.d/nfsserver
opened port 48000 on TCP and UDP on the firewall
opened port 48001 on TCP and UDP on the firewall
opened every service on the firewall
client firewall disabled

Something on the server is still being blocked; it works fine when both firewalls are disabled. Are there any other ports I should open to get this working? Thanks for the help by the way :wink:

Did you remember the basic ports for nfs (2049) and sunrpc (111)?

BTW, if you are using 11.1, there is a firewall preset in YaST SuSEfirewall2 for NFS. I can’t vouch that it works though, there has been a bug found in the recipe for Samba.
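
Added example (not from any poster in this thread): `rpcinfo -p <server>` lists every RPC service the server has registered and the port it is on, so it can be compared against the ports opened in the firewall. The helper names and the sample output below are constructed for illustration; the sample goes slightly beyond the thread by including the lock manager (`nlockmgr`), which `rpcinfo` reports alongside mountd and statd (`status`).

```shell
#!/bin/sh
# Added example: compare RPC ports registered on an NFS server with the
# ports allowed through the firewall. Function names are hypothetical.

# Constructed sample of `rpcinfo -p <server>` output (not captured from the thread).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   tcp  48000  mountd
    100005    3   udp  48000  mountd
    100024    1   tcp  48001  status
    100024    1   udp  48001  status
    100021    4   tcp  38467  nlockmgr
    100021    4   udp  51233  nlockmgr
EOF
}

# nfs_ports PORT...: read `rpcinfo -p` output on stdin and print one line per
# unique proto/port: "open proto/port service" if the port is in the
# allow-list given as arguments, otherwise "BLOCKED proto/port service".
nfs_ports() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^[0-9]+$/ && NF >= 5 {
            key = $3 "/" $4
            if (seen[key]++) next      # several program versions share one port
            print (($4 in ok) ? "open" : "BLOCKED"), key, $5
        }'
}

# nfs_blocked_count PORT...: number of registered ports the allow-list misses.
nfs_blocked_count() {
    nfs_ports "$@" | awk '/^BLOCKED/ { n++ } END { print n + 0 }'
}

# Demo with the ports opened in setup 2 of the thread plus 2049 and 111.
# Against a real server: rpcinfo -p <server> | nfs_ports 111 2049 48000 48001
sample_rpcinfo | nfs_ports 111 2049 48000 48001
```

Any line marked BLOCKED is a service still on a port the firewall does not allow; ports that change across restarts of the NFS services are the floating ones described above.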

I just opened both 2049 and 111 on TCP and UDP but it’s still getting blocked!

I think I’m just going to resort to SAMBA, would have been nice to use NFS though :’(

Thanks for the help.

Just one thing, are you opening the ports to the external zone? You should, and not the internal zone.

It’s a bit confusing, the SuSEfirewall2 terminology for zones. When an openSUSE host has only one network interface, everything outside it is external even though it may be attached to a LAN. There is only an internal zone when the host has more than one interface and is acting as a router.

Yeah, I was doing everything in the external zone. Thanks again for the help :slight_smile: