LinuxQuestions.org
Old 07-22-2008, 04:34 PM   #1
nyheat
Member
 
Registered: Aug 2005
Distribution: Debian
Posts: 75

Rep: Reputation: 15
NFS doesn't work unless iptables are stopped


I'm running CentOS 5.2.

I've enabled NFS through the system-config-securitylevel (firewall) tool but the client machine can't mount the NFS unless I first do service iptables stop on the server.

Here's some output from the server:
Quote:
[root@localhost ~]# vi /etc/hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#


ALL: 192.168.1.101
ALL: 192.168.1.102
Quote:
[root@localhost ~]# vi /etc/hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!

ALL: ALL
Quote:
[root@localhost ~]# nmap -sT -O localhost

Starting Nmap 4.20 ( http://insecure.org ) at 2008-07-22 17:27 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 1687 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
619/tcp open unknown
631/tcp open ipp
669/tcp open unknown
1001/tcp open unknown
2049/tcp open nfs
3306/tcp open mysql
Device type: general purpose
....etc..
I can mount the NFS just fine as long as I turn off iptables. Obviously this is a security concern so I'd like to find out what specifically I need to enable to make this work.
 
Old 07-23-2008, 12:06 AM   #2
WorldIsNotFair
Member
 
Registered: Jun 2008
Location: Jakarta
Distribution: CentOS 5
Posts: 89

Rep: Reputation: 17
Hello,

It's not that simple.

You have to open other ports for this service on your iptables:
- portmap
- mountd
- statd_port
- lockd_tcpport
- lockd_udpport
- rquotad_port

You can modify the ports in /etc/sysconfig/nfs; usually we set them to
ports 4002-4005, so you can modify your iptables more easily.

iptables may contain something like the below:

-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p udp -m udp --dport 111 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4002:4005 -j ACCEPT
-A INPUT -p udp -m udp --dport 4002:4005 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -p udp -m udp --dport 2049 -j ACCEPT

Give it a try, mate!
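Generating those rules from what rpcbind actually reports, as an added example that is not part of the thread: the `rpcinfo -p` sample below is constructed (fixed ports 4002-4005 are assumed to be set in /etc/sysconfig/nfs), and the 192.168.1.0/24 source subnet is an assumption based on the hosts.allow entries in the first post. Restricting the rules to that subnet keeps the NFS helper ports closed to everyone else instead of opening them to the world.

```bash
#!/bin/bash
# Added example (not from the thread): build iptables rules for the NFS
# helper daemons from `rpcinfo -p` output, restricted to the LAN subnet.
# With MOUNTD_PORT, STATD_PORT, LOCKD_TCPPORT, LOCKD_UDPPORT and RQUOTAD_PORT
# pinned in /etc/sysconfig/nfs the port list is predictable; this generator
# reads what rpcinfo reports so the rules match what is really listening.

# Constructed sample of `rpcinfo -p` output (assumed fixed ports 4002-4005).
# Several program versions share one port, so rules are de-duplicated on
# (proto, port).
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp   4002  mountd
    100005    2   udp   4002  mountd
    100005    3   udp   4002  mountd
    100005    1   tcp   4002  mountd
    100005    3   tcp   4002  mountd
    100024    1   udp   4003  status
    100024    1   tcp   4003  status
    100021    1   udp   4004  nlockmgr
    100021    4   udp   4004  nlockmgr
    100021    1   tcp   4004  nlockmgr
    100021    4   tcp   4004  nlockmgr
    100011    1   udp   4005  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs'

# nfs_rules SRC_CIDR   (reads rpcinfo -p output on stdin)
# Prints one iptables INPUT rule per unique (proto, port), limited to SRC_CIDR.
nfs_rules() {
  local src="$1"
  awk -v src="$src" '
    $3 ~ /^(tcp|udp)$/ && $4 ~ /^[0-9]+$/ {
      key = $3 ":" $4
      if (!(key in seen)) { seen[key] = 1; order[++n] = key }
    }
    END {
      for (i = 1; i <= n; i++) {
        split(order[i], f, ":")
        printf "-A INPUT -s %s -p %s -m %s --dport %s -j ACCEPT\n", src, f[1], f[1], f[2]
      }
    }'
}

# Live use: rpcinfo -p | nfs_rules 192.168.1.0/24  (then add the lines to
# /etc/sysconfig/iptables). Here the constructed sample is used instead.
printf '%s\n' "$SAMPLE_RPCINFO" | nfs_rules 192.168.1.0/24
```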
 
  

