i still have to learn how to write iptables-rules.
i use guarddog, and just allowed nfs on the lan.
you can check ports yourself.
start " iptraf " in a console ( as root; monitoring your lan-nic ),
and switch off the firewall.
then mount the nfs and you'll see wich ports are used.