Re: [gentoo-user] [OT] NFS through a firewall

Dan Farrell

2008-04-11

On Fri, 11 Apr 2008 11:19:11 -0230
Roger Mason <rmason@(protected):

> Hello,
>
> I'm trying to configure the firewall on a client to allow that client
> to mount an nfs directory. The client runs a netfilter firewall, the
> server uses tcpwrapper.
>
> rpcinfo -p on the server shows:
>
> beryl rmason # rpcinfo -p
>   program vers proto  port
>   100000   2  tcp   111 portmapper
>   100000   2  udp   111 portmapper
>   100024   1  udp 32765 status
>   100024   1  tcp 32765 status
>   100003   2  udp  2049 nfs
>   100003   3  udp  2049 nfs
>   100003   2  tcp  2049 nfs
>   100003   3  tcp  2049 nfs
>   100021   1  udp  4001 nlockmgr
>   100021   3  udp  4001 nlockmgr
>   100021   4  udp  4001 nlockmgr
>   100021   1  tcp  4001 nlockmgr
>   100021   3  tcp  4001 nlockmgr
>   100021   4  tcp  4001 nlockmgr
>   100005   1  udp 32767 mountd
>   100005   1  tcp 32767 mountd
>   100005   2  udp 32767 mountd
>   100005   2  tcp 32767 mountd
>   100005   3  udp 32767 mountd
>   100005   3  tcp 32767 mountd
>
> When I try to mount the exported directory when the firewall is
> running I get a timeout:
>
> minnie ~ $ mount -v Help/
> mount: trying 134.153.37.5 prog 100003 vers 3 prot tcp port 2049
> mount: trying 134.153.37.5 prog 100005 vers 3 prot udp port 32767
> mount: mount to NFS server 'beryl.esd.mun.ca' failed: timed out
> (retrying).
>
> If I drop the client firewall the mount succeeds.
>
> Can someone help me figure out what must be put in my iptables script
> to get this to work?

Accept all incoming and outgoing connections on the client that
originate from or go to the server. It would look something like this:

iptables -I INPUT -s 134.153.37.5 -j ACCEPT
iptables -I OUTPUT -d 134.153.37.5 -j ACCEPT

Now make sure those will work with your config before just blindly
setting them up!

Best of luck! Hope it works.

   -- Dan
--
gentoo-user@(protected)