Linux Netfilter discussions
From: Rob Verduijn <rverduij@dds.nl>
To: sr@gimp.org
Cc: netfilter@lists.netfilter.org
Subject: Re: nfs
Date: Tue, 05 Aug 2003 11:02:57 +0200
Message-ID: <1060074177.2848.3.camel@rincewind>
In-Reply-To: <20030805081723.GD11849@localnet>

Hi there,

I do have some influence over the nfs server (it's my backup server), so
that wouldn't be a big problem.

My second question would be what the IP table rule settings would be on
the server :)




On Tue, 2003-08-05 at 10:17, Sven Riedel wrote:
> On Tue, Aug 05, 2003 at 08:36:59AM +0200, Rob Verduijn wrote:
> > What would be the rule setting I need to mount a remote nfs share when I
> > am using connection tracking and a default DROP policy?
> 
> First, since NFS uses RPCs you need to know what ports rpc.mountd,
> rpc.statd and maybe rpc.lockd are running on. If you have influence over
> the server, try setting the ports explicitly (invoke the daemons with the
> -p flag. Works with statd and mountd, lockd is a bit more tricky).
> 
> Otherwise the ports are allocated dynamically and the client has to ask
> the remote portmapper where the daemons are listening. Any rules in this
> case are only valid as long as the rpc-services on the nfs-server aren't
> restarted.
> 
> You'll have to allow the following ports:
> udp/2049: nfs 
> tcp/2049: nfs, if you're using nfs over tcp, nfs v3 and up
> udp/111: portmap/sunrpc
> tcp/111: portmap/sunrpc
> udp/<rpc.statd>
> tcp/<rpc.statd>
> udp/<rpc.mountd>
> tcp/<rpc.mountd>
> and maybe:
> udp/<rpc.lockd>
> tcp/<rpc.lockd>
> 
> Regs,
> Sven
> 
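
Added example, not part of the original thread: a sketch that prints (does not apply) server-side INPUT rules for the port list quoted above, reading the RPC ports from `rpcinfo -p` output so the rules can be regenerated after the daemons restart. The function names, the client network 192.0.2.0/24 and the sample ports 32765/32767/32768 are assumptions; a default DROP policy on INPUT is assumed to be set elsewhere.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output on the NFS server
# (statd/mountd/lockd ports are hypothetical values).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    4   udp  32768  nlockmgr
    100021    4   tcp  32768  nlockmgr
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
EOF
}

# nfs_server_rules CLIENT_NET   (reads `rpcinfo -p` output on stdin)
# Emits one ACCEPT rule per proto/port used by the NFS-related services,
# limited to new connections from CLIENT_NET.
nfs_server_rules() {
    client_net=$1
    # Replies on already-accepted flows are covered by connection tracking.
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    awk -v net="$client_net" '
        NR == 1 { next }                       # skip the header line
        $5 ~ /^(portmapper|nfs|status|mountd|nlockmgr)$/ {
            key = $3 "/" $4
            if (seen[key]++) next              # several versions share a port
            printf "iptables -A INPUT -s %s -p %s --dport %s " \
                   "-m conntrack --ctstate NEW -j ACCEPT  # %s\n",
                   net, $3, $4, $5
        }'
}

# Demo on the constructed sample; on a real server use:
#   rpcinfo -p | nfs_server_rules 192.0.2.0/24
sample_rpcinfo | nfs_server_rules 192.0.2.0/24
```

If the daemons are not pinned with -p, the generated rules go stale at the next restart and have to be regenerated from fresh `rpcinfo -p` output.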


