Fedora Linux Support Community & Resources Center
Old 26th February 2010, 01:14 AM
manojg Offline
Registered User
Join Date: May 2006
Posts: 187
NFS with firewall


I was running NFS on my Fedora machine. I found that I could not mount the exported directory on the client machine (Fedora) with the firewall enabled on the NFS server. Even when I tried clicking out all services in the firewall (but not disabling it), it did not work. To make it work, I had to disable the firewall.

Is there any way to do this without disabling the firewall?

Old 26th February 2010, 03:40 AM
madhavdiwan Offline
Registered User
Join Date: Jun 2009
Posts: 472
You must assign static ports to NFS in its configuration file and then add those ports to the firewall configuration.

please look in


and configure it per your requirements

Also remember to add the portmap/rpcbind daemon port to the firewall.

As long as the client can get to the portmap daemon (rpcbind), it will be told which ports to use through the firewall.
Old 27th February 2010, 01:42 AM
Posts: n/a
Slow down there Mad' - what you need depends critically on which version of NFS you are using.

All NFS is dependent on RPC for the communication protocol, but NFSv2 & v3 (the default) use the rpc port mapper feature, which is somewhat deprecated. Your client chats with the NFS server rpcbind service and asks which of its ports has the 10005 (rpc mount) service. The server rpcbind assigns a port, starts the service and then supplies the port number to the client: "hey - that service is now on port 40638". The client tries and fails since that port is firewalled on the server. One of the main features of rpc was this dynamic port mapping/serving, but modern firewall requirements largely destroy this feature. 4 or 5 mapped rpc services are needed for NFSv2/3.

So Mad' is suggesting that you assign all the NFSv3 required rpc services to fixed ports, then you open the firewall on those ports. Note that the 'system-config-nfs' (second tab) and the 'system-config-firewall' will help with this sort of solution. I think this approach is old-school.

There are many positive changes with NFSv4, including the fact that it only requires the nfs rpc service on fixed port 2049. So nfsv4 is desirable when using nfs through a firewall. nfsv4 only uses tcp, so there is reliable communication (nfsv2/3 can use udp or tcp, but there are some rude failure modes for udp). On Linux nfsv4 has modestly better performance. When using some security flavors (mount sec= option modes), the user name (not numeric uid) mapping applies, ACLs are supported and better security is available.


It's a no-brainer - use NFSv4 and only port 2049.

A/ open server port 2049, start the nfs service.
B/ stop the rpc bind service and close port 111 and any others for rpc.
C/ modify your /etc/exports file to use the "fsid=0" option, like,
/home/common *(rw,insecure,sync,no_subtree_check,mp=/home,fsid=0,no_root_squash)
then reexport the share. "exportfs -au; exportfs -av"
D/ on the client mount from "server:/" (root) instead of "server:/home/common" and replace the filesys type from "nfs" to "nfsv4" like in fstab:
hypoxylon:/ /home/common nfs4 _netdev,rw,exec,suid 0 0

Last edited by stevea; 27th February 2010 at 01:50 AM.
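
Added example (not part of any post in this thread): a shell check for the failure described above, where rpcbind hands out a port that the server firewall does not allow. It reads `rpcinfo -p` output and lists every registered service whose protocol/port is not in the allowed set; the function names, the sample output and the allowed list are constructed for illustration.

```shell
#!/bin/sh
# Added example: find RPC services registered on ports the firewall does not allow.
# On a real server:  rpcinfo -p | blocked_rpc_services tcp/111 udp/111 tcp/2049

# blocked_rpc_services ALLOWED...   (hypothetical helper name)
# stdin : output of `rpcinfo -p` (columns: program vers proto port service)
# args  : allowed endpoints written as proto/port, e.g. tcp/2049
# stdout: one "service proto/port" line per registered endpoint that is not allowed
blocked_rpc_services() {
    awk -v allowed="$*" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 ~ /^[0-9]+$/ {                      # skip the header line
            key  = $3 "/" $4                   # proto/port
            name = ($5 == "" ? $1 : $5)        # fall back to the program number
            id   = name " " key
            if (!(key in ok) && !(id in seen)) {
                seen[id] = 1                   # one line per service endpoint
                print name, key
            }
        }'
}

# Constructed sample of `rpcinfo -p` on an NFSv3 server using dynamic ports.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  45312  status
    100024    1   tcp  38917  status
    100005    3   udp  40638  mountd
    100005    3   tcp  40638  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   udp  51044  nlockmgr
    100021    4   tcp  36281  nlockmgr
EOF
}

# A firewall that allows only rpcbind and nfs leaves mountd, status and
# nlockmgr unreachable, which is why the NFSv3 mount fails.
sample_rpcinfo | blocked_rpc_services tcp/111 udp/111 tcp/2049
```

An empty result means every registered RPC endpoint is covered by the allowed list; any line printed is a port that must be pinned and opened for NFSv2/3.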
Old 3rd March 2010, 05:38 PM
manojg Offline
Registered User
Join Date: May 2006
Posts: 187
Thanks everybody. I will try these methods.