RPC services use random ports specified by portmap so under the default configurations, setting open ports with iptables is difficult.
You will need to force a number of rpc services to use fixed ports.
If you're using RedHat to do this, go through the /etc/init.d/ files related to nfs to find out how you can fix the relevant ports for rpc.statd, rpc.nfsd, rpc.mountd, rpc.lockd and rpc.rquotad. A good place to start would be the portmap file.
Search for lines starting as follows:
daemon rpc.statd
and add the option to fix the port:
daemon rpc.statd -p 3334
You can then easily configure iptables to keep these ports open. Be sure to keep the portmap 111 port open.
Last edited by SlackDaemon; 12-16-2006 at 03:54 AM.
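An added example, not part of the original post: once the daemons are pinned, this audits `rpcinfo -p` output against the ports you chose and only emits iptables rules for services that are actually on them. The `PINNED` values are hypothetical apart from 3334 (statd) and 111 (portmap) from the post and NFS's standard 2049; the sample `rpcinfo -p` output is constructed.

```shell
#!/bin/sh
# Added example: compare registered RPC ports with the ports you pinned.
# Hypothetical choices except 111 and 3334 (from the post) and 2049 (NFS).
PINNED="portmapper=111 status=3334 nfs=2049 mountd=3335 nlockmgr=3336 rquotad=3337"

# Reads `rpcinfo -p` text on stdin and prints one line per service/proto/port:
#   OK <service> <proto> <port>    or    DRIFT <service> <proto> <port> want=<port>
# Exit status is 1 if any registered service is off its pinned port or unpinned.
audit_rpc_ports() {
    awk -v pinned="$PINNED" '
        BEGIN { n = split(pinned, kv, " ")
                for (i = 1; i <= n; i++) { split(kv[i], p, "="); want[p[1]] = p[2] } }
        $1 ~ /^[0-9]+$/ && NF >= 5 {
            key = $5 " " $3 " " $4
            if (seen[key]++) next          # several program versions share a port
            if (($5 in want) && want[$5] == $4) print "OK " key
            else { print "DRIFT " key " want=" (($5 in want) ? want[$5] : "unpinned")
                   bad = 1 }
        }
        END { exit bad + 0 }'
}

# Turns OK lines into iptables rules; a DRIFT line never gets a rule,
# so a daemon that fell back to a random port is not silently opened.
emit_rules() {
    awk '$1 == "OK" { printf "iptables -A INPUT -p %s --dport %s -j ACCEPT\n", $3, $4 }'
}

# Constructed sample: lockd is still on a portmap-assigned port.
SAMPLE='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   3334  status
    100024    1   tcp   3334  status
    100003    3   tcp   2049  nfs
    100005    3   tcp   3335  mountd
    100021    4   udp  32768  nlockmgr'

# Demo on the sample: show the audit, then the rules it would allow.
printf '%s\n' "$SAMPLE" | audit_rpc_ports || true
printf '%s\n' "$SAMPLE" | audit_rpc_ports | emit_rules
```

On a live server, feed it the real registrations with `rpcinfo -p | audit_rpc_ports`, and rerun it after every NFS restart or reboot.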