Fedora Linux Support Community & Resources Center
  #1  
Old 26th February 2010, 01:14 AM
manojg Offline
Registered User
 
Join Date: May 2006
Posts: 185
NFS with firewall

Hi,

I was running NFS in my Fedora. I found that I could not mount the exported directory on the client machine (Fedora) with the firewall enabled on the NFS server. Even when I tried clicking out all services in the firewall (but not disabling it), it did not work. To make it work, I had to disable the firewall.

Is there any way to do this without disabling the firewall?

Thanks.
  #2  
Old 26th February 2010, 03:40 AM
madhavdiwan Offline
Registered User
 
Join Date: Jun 2009
Posts: 472
You must assign static ports to NFS in its configuration file and then add those ports to the firewall configuration.

Please look in

/etc/sysconfig/nfs

and configure it per your requirements.

Also remember to add the portmap/rpcbind daemon port to the firewall.

As long as the client can get to the portmap daemon (rpcbind), it will be told which ports to use through the firewall.
  #3  
Old 27th February 2010, 01:42 AM
stevea Offline
Registered User
 
Join Date: Apr 2006
Location: Ohio, USA
Posts: 8,994
Slow down there Mad' - what you need depends critically on which version of NFS you are using.

All NFS is dependent on RPC for the communication protocol, but NFSv2 & v3 (the default) use the rpc port mapper feature, which is somewhat deprecated. Your client chats with the NFS server rpcbind service and asks which of its ports has the 10005 (rpc mount) service. The server rpcbind assigns a port, starts the service and then supplies the port number to the client: "hey - that service is now on port 40638". The client tries and fails since that port is firewalled on the server. One of the main features of rpc was this dynamic port mapping/serving, but modern firewall requirements largely destroy this feature. 4 or 5 mapped rpc services are needed for NFSv2/3.

So Mad' is suggesting that you assign all the NFSv3 required rpc services to fixed ports, then you open the firewall on those ports. Note that the 'system-config-nfs' (second tab) and the 'system-config-firewall' will help with this sort of solution. I think this approach is old-school.

There are many positive changes with NFSv4, including the fact that it only requires the nfs rpc service on fixed port 2049. So nfsv4 is desirable when using nfs through a firewall. nfsv4 only uses tcp, so there is reliable communication (nfsv2/3 can use udp or tcp, but there are some rude failure modes for udp). On Linux nfsv4 has modestly better performance. When using some security flavor (mount sec= option) modes, the user name (not numeric uid) mapping applies, ACLs are supported and better security is available.

====

It's a no-brainer - use NFSv4 and only port 2049.

A/ open server port 2049, start the nfs service.
B/ stop the rpc bind service and close port 111 and any others for rpc.
C/ modify your /etc/exports file to use the "fsid=0" option, like,
/home/common *(rw,insecure,sync,no_subtree_check,mp=/home,fsid=0,no_root_squash)
then reexport the share. "exportfs -au; exportfs -av"
D/ on the client mount from "server:/" (root) instead of "server:/home/common" and replace the filesys type from "nfs" to "nfsv4" like in fstab:
hypoxylon:/ /home/common nfs4 _netdev,rw,exec,suid 0 0
__________________
None are more hopelessly enslaved than those who falsely believe they are free.
Johann Wolfgang von Goethe

Last edited by stevea; 27th February 2010 at 01:50 AM.
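
The dynamic port problem described in the post above can be confirmed from the server's own RPC registrations. The script below is an added example, not part of the original thread: it filters "rpcinfo -p" output against the ports the server firewall allows. The function names and the sample output are constructed for illustration (port 40638 is the one quoted in the post; the other dynamic ports are made up).

```shell
#!/bin/sh
# Added example: list RPC registrations a firewalled NFS client cannot reach.
# Real use:  rpcinfo -p server | blocked_rpc_services 111 2049

# Constructed sample of `rpcinfo -p` output from an NFSv3 server whose
# helper services sit on dynamically assigned ports.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  51234  status
    100024    1   tcp  40211  status
    100005    3   udp  40638  mountd
    100005    3   tcp  40638  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   udp  38770  nlockmgr
    100021    4   tcp  45120  nlockmgr
EOF
}

# Reads `rpcinfo -p` output on stdin; arguments are the ports the server
# firewall allows. Prints "service proto/port" for every registration the
# firewall would drop, one per line, de-duplicated across RPC versions.
blocked_rpc_services() {
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Skip the header line; keep rows whose port is not in the allow list.
        $1 ~ /^[0-9]+$/ && !($4 in ok) {
            key = $5 " " $3 "/" $4
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    '
}

# With only rpcbind (111) and nfs (2049) open, the NFSv3 helper services
# (status, mountd, nlockmgr) are all unreachable; nfs itself is not listed.
sample_rpcinfo | blocked_rpc_services 111 2049
```

Every line printed is a port that either has to be pinned and opened for NFSv2/3, or becomes irrelevant once the share is mounted as NFSv4 over 2049 only.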
  #4  
Old 3rd March 2010, 05:38 PM
manojg Offline
Registered User
 
Join Date: May 2006
Posts: 185
Thanks everybody. I will try these methods.