I recently tried to set up an NFS share using YaST and experienced some rather frustrating difficulties.
The most significant one was the YaST2 NFS Server module telling me that the firewall was not configurable.
Firewall not configurable
Some firewalld services are not available:
-nfs-kernel-server (Not available)
(I tried pasting a screenshot using https://susepaste.org, but after clicking Create I get: 404 Page Not Found
I also tried Insert Image from a URL. It doesn’t show up.)
Here’s the screenshot: Pasteboard - Uploaded Image
I went ahead with the configuration and manually added the ‘nfs’ service to the appropriate zone in the Firewall module. That didn’t work. No exported mounts were visible from the client machine. I knew it was a firewall issue because stopping it on the server machine allowed the mounts to be found by the client machine.
After quite a bit of time researching, I learned from this StackExchange answer that ‘rpc-bind’ and ‘mountd’ services are also required for NFSv4. So, I added those services to the zone in Firewall.
And, yes, that worked.
This, then, begs the question: why is there no ‘nfs-kernel-server’ service available to firewalld? There is no nfs-kernel-server.xml file anywhere on the system. [Ref. Documentation - HowTo - Add a Service | firewalld] (There are, though, still remnants of SuSEfirewall2.)
Knowing what does work, I then created an nfs-kernel-server.xml file from content in nfs.xml, rpc-bind.xml, and mountd.xml. I copied it to /etc/firewalld/services and reloaded the firewall. Back in the Firewall module of YaST2, I added the now-available service ‘nfs-kernel-server’ and removed ‘nfs’, ‘rpc-bind’, and ‘mountd’.
That works too.
Here’s the content of nfs-kernel-server.xml:
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>nfs-kernel-server</short>
  <description>Service ports required for NFS Kernel Server</description>
  <!-- NFS -->
  <port protocol="tcp" port="2049"/>
  <!-- RPC Bind -->
  <port protocol="tcp" port="111"/>
  <port protocol="udp" port="111"/>
  <!-- mountd -->
  <port protocol="tcp" port="20048"/>
  <port protocol="udp" port="20048"/>
</service>
I thought about posting this in the “How To/FAQ Forums”, but hopefully this will be a temporary issue.
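
An added example, not part of the original post: a Python sketch of the merge described above, which builds the combined service definition from the three source definitions and then checks that the result opens no port beyond their union. The function names are hypothetical, and the three inputs are constructed stand-ins carrying only the ports shown in the post.

```python
import xml.etree.ElementTree as ET

# Constructed stand-ins for nfs.xml, rpc-bind.xml and mountd.xml: they carry
# only the ports listed in the post's combined file, not the shipped files' text.
SOURCES = {
    "NFS": '<service><port protocol="tcp" port="2049"/></service>',
    "RPC Bind": '<service><port protocol="tcp" port="111"/>'
                '<port protocol="udp" port="111"/></service>',
    "mountd": '<service><port protocol="tcp" port="20048"/>'
              '<port protocol="udp" port="20048"/></service>',
}

def ports_of(xml_text):
    """Return the set of (protocol, port) pairs a service definition opens."""
    root = ET.fromstring(xml_text)
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    return {(p.get("protocol"), p.get("port")) for p in root.findall("port")}

def merge_services(short, description, sources):
    """Build one service definition opening the union of the sources' ports."""
    service = ET.Element("service")
    ET.SubElement(service, "short").text = short
    ET.SubElement(service, "description").text = description
    seen = set()
    for name, xml_text in sources.items():
        service.append(ET.Comment(f" {name} "))
        for proto, port in sorted(ports_of(xml_text)):
            if (proto, port) not in seen:  # skip ports another source already opened
                seen.add((proto, port))
                ET.SubElement(service, "port", protocol=proto, port=port)
    ET.indent(service)  # requires Python 3.9+
    body = ET.tostring(service, encoding="unicode")
    return '<?xml version="1.0" encoding="utf-8"?>\n' + body + "\n"

def extra_ports(merged_xml, sources):
    """Ports the merged file opens that no source asks for; empty when correct."""
    wanted = set().union(*(ports_of(x) for x in sources.values()))
    return ports_of(merged_xml) - wanted

if __name__ == "__main__":
    merged = merge_services("nfs-kernel-server",
                            "Service ports required for NFS Kernel Server", SOURCES)
    print(merged)
    print("unexpected ports:", sorted(extra_ports(merged, SOURCES)))
```

Running the same `extra_ports` check against a hand-edited file before copying it to /etc/firewalld/services catches a mistyped port that would otherwise be opened in the zone.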