firewall kills nfs

I have never been able to get NFS clients or servers through the OpenSUSE firewall no matter what I do. If I disable the firewall on a machine, it can see NFS servers and other machines can see its NFS shares. If I enable the firewall on a machine, other machines can’t see its NFS shares and it can’t see other NFS servers. I have two OpenSUSE machines and can verify this behavior on both of them. I have the firewall set to allow NFS clients & servers on all interfaces. Has anyone ever gotten this to work? Is this just a bug in the firewall? This has never worked for me so I’m just going to file a bug report if I can’t get it working.

I finally got this working. I think the problem I was having is that I can’t scan for hosts through the firewall. Why is that? Specifically, I mean when I go to Yast->NFS Client->Add->Choose, if the firewall is running on the client machine or the host machine it blocks the server from showing up here. I either didn’t try this before or it didn’t work the last time I tried it, but I just typed in the server’s IP address and hit ‘select’ for the remote directory, and the shares show up correctly. Why can’t I scan for hosts through the firewall? Is this a bug? How would I scan for hosts through terminal?

Did you also open up the correct port? (Default for NFSv4 is 2049)

YaST -> Network Services -> NFS Client->NFS Settings, then ‘Open Port in Firewall’

To use scan for hosts I believe you need an SLP server running. Unless you’re going to be scanning for services on a regular basis, it’s probably easier to just manually type the host when adding your NFS shares.

I looked at the same thing when I first set up NFS and didn’t have much luck setting up SLP. I think you also have to do something in the firewall broadcast section. After a couple of hours trying different things I figured it wasn’t worth the hassle over something that only takes a second to do manually in the first place.

It would probably take longer to scan than it does to type the IP anyway. There doesn’t seem to be much point on a small network where you already know the IP of the machine providing the service.