NFS requires UDP port 6360?

Lately I have been having troubles with connecting to my NFS shares. None of them, I have 7 total with 2 being connected to almost constantly and 5 being for specific IPs only, were working after I shut down the service and restarted it so that I could use the external drive that 2 of the shares are on somewhere else. This boggled my mind for a while as I thought it was a problem with my client, the sm-notify service took forever and a bit to start up.

But then I checked my server logs and discovered the following in /var/firewall:

Sep 21 12:57:26 skuld-serv kernel: SFW2-INext-ACC-RPC IN=eth0 OUT= MAC=00:08:0d:3e:6c:cf:00:e0:98:a1:7b:14:08:00 SRC=192.168.0.106 DST=192.168.0.20 LEN=116 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=44487 DPT=111 LEN=96                                                                                          
Sep 21 12:57:26 skuld-serv kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:08:0d:3e:6c:cf:00:e0:98:a1:7b:14:08:00 SRC=192.168.0.106 DST=192.168.0.20 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=914 DPT=6360 LEN=48

This is from one client trying to connect to the server. The last line notes destination port 6360 as being blocked. Needless to say the client could not mount the share.

At this point I went into yast and opened UDP port 6360. After closing yast I tested the mount again and this time had success.

A look at the successful output from /var/firewall:

Sep 21 13:03:12 skuld-serv kernel: SFW2-INext-ACC-RPC IN=eth0 OUT= MAC=00:08:0d:3e:6c:cf:00:e0:98:a1:7b:14:08:00 SRC=192.168.0.106 DST=192.168.0.20 LEN=116 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=39185 DPT=111 LEN=96

Sep 21 13:03:12 skuld-serv kernel: SFW2-INext-ACC-RPC IN=eth0 OUT= MAC=00:08:0d:3e:6c:cf:00:e0:98:a1:7b:14:08:00 SRC=192.168.0.106 DST=192.168.0.20 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=737 DPT=6360 LEN=48  

I then closed UDP port 6360 again to verify that this was the problem. After doing so I tried to mount a share again and had no problem. This seems to suggest that the port is only needed every once in a while.

Does anyone have an idea as to why this might be and why the NFS Server configuration in yast does not open this port when it seems that it is needed?

I do not know if I can explain this as exhaustively as it should be because of a lack of detailed knowledge.

NFS uses RPC. RPC uses a portmapper. When RPC needs a port, it asks portmapper and gets a free one. Thus it is not certain which one. This can differ. Thus YaST cannot know which ports to open in the firewall.

You could search for details using terms like RPC and portmapper in Wikipedia and Google.

HTH

OK, that's easy enough to understand. Thanks hcw.

But then why could I make a connection after a fresh reboot, and not after a restart of the service? Does something happen in the firewall startup script that opens the port that portmapper happens to choose or something else? Because I still can’t connect when I stop then start the service manually through the init.d script.

On a related note I just added a share via YAST and it restarted the service as it normally does and I can’t connect to the share. Got this in the firewall log:

Sep 25 13:22:56 skuld kernel: SFW2-INext-ACC-RPC IN=eth0 OUT= MAC=00:1e:33:b4:61:5e:00:e0:98:a1:7b:14:08:00 SRC=192.168.0.106 DST=192.168.0.105 LEN=116 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=46200 DPT=111 LEN=96
Sep 25 13:22:56 skuld kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:1e:33:b4:61:5e:00:e0:98:a1:7b:14:08:00 SRC=192.168.0.106 DST=192.168.0.105 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=879 DPT=60590 LEN=48
Sep 25 13:23:01 skuld kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:1e:33:b4:61:5e:00:e0:98:a1:7b:14:08:00 SRC=192.168.0.106 DST=192.168.0.105 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=879 DPT=60590 LEN=48
Sep 25 13:23:11 skuld kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:1e:33:b4:61:5e:00:e0:98:a1:7b:14:08:00 SRC=192.168.0.106 DST=192.168.0.105 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=879 DPT=60590 LEN=48

Same problem as before, just a different port, 60590.
So the question is, how can I get the firewall to open up the proper port that portmapper, or RPC or whatever app it is, binds to when the nfsserver service is restarted via the init.d script?
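
Added example, not part of the thread: the pattern in the logs above (an accepted portmapper query on port 111, followed by a default drop from the same client to some other port) can be picked out of the firewall log automatically. The Python below runs on constructed, abbreviated lines in the same SuSEfirewall2 format; the function names and the 30-second window are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed, abbreviated sample lines in the log format shown in the thread.
SAMPLE_LOG = """\
Sep 25 13:22:56 skuld kernel: SFW2-INext-ACC-RPC IN=eth0 OUT= SRC=192.168.0.106 DST=192.168.0.105 LEN=116 DF PROTO=UDP SPT=46200 DPT=111 LEN=96
Sep 25 13:22:56 skuld kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.168.0.106 DST=192.168.0.105 LEN=68 DF PROTO=UDP SPT=879 DPT=60590 LEN=48
Sep 25 13:23:01 skuld kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.168.0.106 DST=192.168.0.105 LEN=68 DF PROTO=UDP SPT=879 DPT=60590 LEN=48
Sep 25 13:40:00 skuld kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.168.0.77 DST=192.168.0.105 LEN=60 DF PROTO=TCP SPT=40000 DPT=23 LEN=40
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+kernel:\s+"
    r"(?P<rule>SFW2-\S+)\s+(?P<fields>.*)$"
)

def parse_line(line):
    """Return (timestamp, rule, fields) or None for lines that are not SFW2 entries."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Syslog timestamps carry no year; a fixed leap year is enough for deltas.
    ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
    # Bare flags such as DF have no "=" and are skipped.
    fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    return ts, m["rule"], fields

def blocked_rpc_ports(log_text, window_s=30):
    """Map (client, server) -> {(proto, port)} dropped within window_s seconds
    of an accepted portmapper query (DPT=111) from the same client."""
    last_lookup = {}  # (src, dst) -> time of the last accepted port-111 packet
    blocked = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, rule, f = parsed
        key = (f.get("SRC"), f.get("DST"))
        if "-ACC" in rule and f.get("DPT") == "111":
            last_lookup[key] = ts
        elif "-DROP" in rule and key in last_lookup and "DPT" in f:
            delta = (ts - last_lookup[key]).total_seconds()
            if 0 <= delta <= window_s:
                blocked.setdefault(key, set()).add((f.get("PROTO"), int(f["DPT"])))
    return blocked

if __name__ == "__main__":
    for (src, dst), ports in blocked_rpc_ports(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: dropped after portmapper lookup: {sorted(ports)}")
```

The unrelated TCP drop from 192.168.0.77 is ignored because no portmapper query from that client precedes it.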