Running Iptables With NFS
I’ve been asked a number of times how to allow NFS traffic with iptables.
Allowing NFS traffic through iptables is a little tricky because, although NFS itself listens on a fixed port (2049), it is an RPC service, so the portmapper (portmap, port 111) must be running and reachable, and there are several ancillary RPC services to consider as well (rpc.mountd, rpc.statd, rpc.lockd and rpc.rquotad), which by default bind to ports assigned dynamically at startup.
There are two scenarios I will consider here, one in which the box running iptables is a client of a remote NFS server, and one in which the box running iptables is the server.
NFS Client of remote server
The iptables code to allow access to shares on a remote NFS server is available “here”.
This code may be inserted after the ALLOW_HOST directive in the example ruleset.
Add this line to modules.conf to fix the port that rpc.lockd uses:
options lockd nlm_udpport=32766 nlm_tcpport=32766
Also, modify /etc/rc.d/init.d/nfslock in order to fix the port that rpc.statd uses. Here’s the relevant piece of this file after modification:
echo -n $"Starting NFS statd: "
daemon rpc.statd -p 32765
RETVAL=$?
NFS Server to remote clients
The iptables code to allow access to a local NFS server from remote NFS clients is available “here”.
This code may be inserted after the ALLOW_HOST directive in the example ruleset.
Also, modify /etc/rc.d/init.d/nfslock in order to fix the port that rpc.statd uses. Here’s the relevant piece of this file after modification:
echo -n $"Starting NFS statd: "
daemon rpc.statd -p 32765
RETVAL=$?
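The two scenarios above, as an added example that is not the ruleset linked from the post: a small script that prints the iptables rules for either the client case (the server calls back into the client's portmapper, statd and lockd for lock grants and reboot notifications) or the server case (clients need portmapper, nfsd and every pinned helper). The lockd and statd ports are the ones fixed above; the mountd and rquotad ports and the subnet are assumed values, and the script assumes the surrounding ruleset already accepts ESTABLISHED/RELATED traffic.

```shell
#!/bin/sh
# Generate iptables rules for NFS once the RPC helpers have been pinned
# to fixed ports. Rules are printed, not applied, so they can be reviewed
# first; pipe the output into sh (as root) to apply them.

PORT_PORTMAP=111
PORT_NFS=2049
PORT_STATD=32765      # fixed in nfslock: daemon rpc.statd -p 32765
PORT_LOCKD=32766      # fixed in modules.conf: nlm_udpport/nlm_tcpport=32766
PORT_MOUNTD=32767     # assumed: rpc.mountd started with -p 32767
PORT_RQUOTAD=32764    # assumed: rpc.rquotad started with -p 32764

# Emit one ACCEPT rule per protocol (tcp and udp) for a single port,
# restricted to one source host or network.
allow_port() {   # $1 = source (host or CIDR), $2 = destination port
    for proto in tcp udp; do
        printf 'iptables -A INPUT -s %s -p %s --dport %s -m state --state NEW -j ACCEPT\n' \
            "$1" "$proto" "$2"
    done
}

# Server side: clients must reach the portmapper, nfsd and all helper
# daemons, so every pinned port is opened to the client network.
nfs_server_rules() {   # $1 = client network, e.g. 192.168.1.0/24
    for port in $PORT_PORTMAP $PORT_NFS $PORT_STATD $PORT_LOCKD \
                $PORT_MOUNTD $PORT_RQUOTAD; do
        allow_port "$1" "$port"
    done
}

# Client side: replies to our own requests are covered by the ESTABLISHED
# rule, but the server initiates NLM grant and NSM notify calls back to us,
# looking up statd and lockd through our portmapper first.
nfs_client_rules() {   # $1 = NFS server address
    for port in $PORT_PORTMAP $PORT_STATD $PORT_LOCKD; do
        allow_port "$1" "$port"
    done
}

# Number of rules a server rule set contains (6 ports x 2 protocols).
nfs_server_rule_count() {
    nfs_server_rules "$1" | wc -l | tr -d ' '
}

case "${1:-}" in
    server) nfs_server_rules "${2:?client network required}" ;;
    client) nfs_client_rules "${2:?server address required}" ;;
esac
```

Run it as `sh nfs-rules.sh server 192.168.1.0/24` (or `client 10.0.0.5`) to review the rules, then append `| sh` to apply them; `rpcinfo -p` afterwards confirms the helpers really sit on the pinned ports.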
[...] I found an interesting follow-up article on the topic of iptables and NFS here. [...]
Pingback by Lars-Schenk.com » Blog Archiv » PXE Netzwerk-Boot mit Ubuntu Client und Debian Server — October 26, 2006 @ 2:10 pm