Linux NFS Behind Firewall


Configure  NFS Behind  Firewall


NFS service needs  rpcbind,which  dynamically assigns  ports for RPC services.

Remote Procedure Call (RPC) is a protocol which one process can used to communicate other server without having to understand  network details.

So, running  NFS behind  firwall  is completely related  to RPC services firewall rules.To allow a client to acces  NFS shares behind a firewall, check  /etc/sysconfig/nfs configuration file to control which  ports  the required RPC services run on.

By default  /etc/sysconfig/nfs may not exist on system.If  it doesn’t exist  create  it and  add  following  lines.Also you can replace them with unused  ports as you wish.

After you define these  ports  restart  nfs  service and  check /var/log/messages.If NFS service doesn’t start normally, it means that  the  port  you have defined used  by  another  service or process.

Run “rpcinfo” command  to confirm  changes.

Configure a firewall to allow NFS
  1. Allow TCP and UDP port 2049 for NFS.
  2. Allow TCP and UDP port 111 (rpcbind/sunrpc).
  3. Allow the TCP and UDP port specified with MOUNTD_PORT=”port
  4. Allow the TCP and UDP port specified with STATD_PORT=”port
  5. Allow the TCP port specified with LOCKD_TCPPORT=”port
  6. Allow the UDP port specified with LOCKD_UDPPORT=”port

Default  Ports  For  Firewall Acces

How to Check  NFS Server Shares?

Follow me


I'm a System Engineer with extensive experience and administration skills and works for Interbank Card Center Of Turkey.I provide hardware and software support for the following Unix/Linux and Windows platforms.(Oracle Solaris,HP-UX, Linux, IBM-AIX, Windows Servers)
Follow me
facebooktwittergoogle_pluslinkedinby feather


You must be logged in to post a comment.