Slow down there Mad' - what you need depends critically on which version of NFS you are using.
All NFS is dependent on RPC for the communication protocol, but NFSv2 & v3 (the default) use the rpc port mapper feature, which is somewhat deprecated. Your client chats with the NFS server rpcbind service and asks which of its ports has the 10005 (rpc mount) service. The server rpcbind assigns a port, starts the service and then supplies the port number to the client: "hey - that service is now on port 40638". The client tries and fails since that port is firewalled on the server. One of the main features of rpc was this dynamic port mapping/serving, but modern firewall requirements largely destroy this feature. 4 or 5 mapped rpc services are needed for NFSv2/3.
So Mad' is suggesting that you assign all the NFSv3 required rpc services to fixed ports, then you open the firewall on those ports. Note that the 'system-config-nfs' (second tab) and the 'system-config-firewall' will help with this sort of solution. I think this approach is old-school.
There are many positive changes with NFSv4, including the fact that it only requires the nfs rpc service on fixed port 2049. So nfsv4 is desirable when using nfs through a firewall. nfsv4 only uses tcp, so there is reliable communication (nfsv2/3 can use udp or tcp, but there are some rude failure modes for udp). On Linux nfsv4 has modestly better performance. When using some security flavors (mount sec= option modes) the user name (not numeric uid) mapping applies, ACLs are supported and better security is available.
It's a no-brainer - use NFSv4 and only port 2049.
A/ open server port 2049, start the nfs service.
B/ stop the rpc bind service and close port 111 and any others for rpc.
C/ modify your /etc/exports file to use the "fsid=0" option, like,
then reexport the share. "exportfs -au; exportfs -av"
D/ on the client mount from "server:/" (root) instead of "server:/home/common" and replace the filesys type from "nfs" to "nfsv4" like in fstab:
hypoxylon:/ /home/common nfs4 _netdev,rw,exec,suid 0 0
406 Not Acceptable - The requested resource is only capable of generating content not acceptable.
499 Client Closed Request - The connection has been closed by client.
Last edited by stevea; 27th February 2010 at 01:50 AM.
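An audit helper for the situation described in the post above, added here as an example and not part of the original post: it reads `rpcinfo -p` output and lists every RPC registration a firewall would have to pass besides nfs on tcp/2049. The function names are hypothetical and the sample listing is constructed (only ports 111, 2049 and 40638 come from the thread).

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output from a server still offering NFSv3.
# Dynamic port numbers are made up for illustration.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  46031  status
    100024    1   tcp  40638  status
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   udp  37519  nlockmgr
    100021    4   tcp  43729  nlockmgr'

# extra_rpc_ports (hypothetical name): read `rpcinfo -p` text on stdin and
# print one "proto/port service" line per registration other than nfs on
# tcp/2049, i.e. everything else the firewall would need to allow for NFSv2/3.
extra_rpc_ports() {
    awk '$1 ~ /^[0-9]+$/ && NF >= 5 &&
         !($3 == "tcp" && $4 == 2049 && $5 == "nfs") {
             print $3 "/" $4 " " $5
         }' | sort -u
}

# nfs4_only (hypothetical name): exit 0 only when nfs version 4 is registered
# on tcp/2049 and no registration exists outside nfs on tcp/2049.
nfs4_only() {
    awk '$1 ~ /^[0-9]+$/ && NF >= 5 {
             if ($3 == "tcp" && $4 == 2049 && $5 == "nfs") {
                 if ($2 == 4) v4 = 1
             } else {
                 extra = 1
             }
         }
         END { exit !(v4 && !extra) }'
}

# Demo on the constructed sample; on a real server pipe `rpcinfo -p` instead.
printf '%s\n' "$SAMPLE_RPCINFO" | extra_rpc_ports
if printf '%s\n' "$SAMPLE_RPCINFO" | nfs4_only; then
    echo "only nfs on tcp/2049 is registered"
else
    echo "extra RPC services registered: not an NFSv4-only exposure"
fi
```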