LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   Allowing NFS in IPTABLES: Fix port for NFS Lock Manager (https://www.linuxquestions.org/questions/linux-general-1/allowing-nfs-in-iptables-fix-port-for-nfs-lock-manager-463784/)

Swakoo 07-13-2006 04:39 PM

Allowing NFS in IPTABLES: Fix port for NFS Lock Manager
 
I'm trying to setup NFS between a webserver and a fileserver. NFS is working now, though with basic options but i am currently trying to let iptables allow NFS connection and read that I need to fix ports for the services related to NFS.

Manage to fix for them all except NFS Lock Manager. Been reading and documents shows to insert the line to configure into /etc/modules.conf. I don't have that file to begin with so I created it, didn't work.

Then I try inserting into grub.conf but it didn't work too.

Only left with this part before I start on iptables. I am using RHEL4. Anyone have any idea how to fix port for it?

many thanks!

Swakoo 07-14-2006 01:22 AM

anyone with the know-how?

twantrd 07-14-2006 02:50 AM

I'm not quite sure why you are looking into /etc/modules.conf and grub's configuration since you need to modify your current iptables rules to allow NFS. You should open port 2049 and 111.

Quote:

NFS is working now, though with basic options but i am currently trying to let iptables allow NFS connection and read that I need to fix ports for the services related to NFS.
However, again, I'm a bit puzzled about this question. You said that NFS works but you need to allow NFS connections between machines. How are you verifying that NFS works?

-twantrd

Swakoo 07-14-2006 05:53 AM

Quote:

Originally Posted by twantrd
I'm not quite sure why you are looking into /etc/modules.conf and grub's configuration since you need to modify your current iptables rules to allow NFS. You should open port 2049 and 111.


However, again, I'm a bit puzzled about this question. You said that NFS works but you need to allow NFS connections between machines. How are you verifying that NFS works?

-twantrd

sorry for being unclear.
NFS works, without IP Tables.

I read http://www.ba.infn.it/calcolo/docume....html#Firewall and it mentioned I need to fix the other services ports.

Swakoo 07-21-2006 05:57 AM

hmm anyone?

gloomy 07-22-2006 12:47 AM

The reply of Twantrd contained the answer already.

Swakoo 07-25-2006 04:40 AM

i have been using these 2 articles

http://www.ba.infn.it/calcolo/docume....html#Firewall
http://www.lowth.com/LinWiz/nfs_help.html

Through them, I am hoping to achieve securing my server with NFS enabled via IPTABLES. But to do this, what I understand is I need to fix the port being used. So following the instructions, I manage to do it and as rpcinfo -p shows the following

Quote:

[root@fileserver ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 4000 status
100024 1 tcp 4000 status
100011 1 udp 4003 rquotad
100011 2 udp 4003 rquotad
100011 1 tcp 4003 rquotad
100011 2 tcp 4003 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 32768 nlockmgr
100021 3 udp 32768 nlockmgr
100021 4 udp 32768 nlockmgr
100021 1 tcp 32768 nlockmgr
100021 3 tcp 32768 nlockmgr
100021 4 tcp 32768 nlockmgr
100005 1 udp 4002 mountd
100005 1 tcp 4002 mountd
100005 2 udp 4002 mountd
100005 2 tcp 4002 mountd
100005 3 udp 4002 mountd
100005 3 tcp 4002 mountd
As you can see, i didn't manage to fix the port of nlockmgr as I can't find the needed file to edit as mentioned in the 2 links.

Thus I am asking how to lock that service...

then again.. am i doing it the right even? I stand corrected :)
Having doubts because I just went ahead and configure IPTABLES (manually? or also wrong? Please take a look at my thread here) and iptables mentioned it is wrong...

I'm kinda noob here, but am just trying and fiddling so i'm hoping to be able to get some guidiance to go one step ahead :)

thanks!

ps: These settings that I am fiddling with it for the server, I didn't do anything on the client, not even fix the port. Is there a need?

Swakoo 07-31-2006 04:19 AM

anyone...?

catworld 08-07-2006 03:51 PM

perhaps not...
 
Quote:

Originally Posted by gloomy
The reply of Twantrd contained the answer already.

I have portmap and nfs open on a Linux NFS server and can't get to the share using a Mac. I searched the Mac's /etc/services and found a couple Mac nfs related ports, 1110 and 1598, but adding rules to allow these in iptables has not fixed the problem.

muumi 08-25-2006 03:22 AM

For SuSE linux 9.0 I found the following solution on the web:
statd (4000: startproc $RPCSTATD $STATDFLAGS -p 4000 in /etc/init.d/nfslock)
nfslock (4001: lockd.udpport=4001 lockd.tcpport=4001 in /boot/grub/menu.lst)
mountd (4002: startproc /usr/sbin/rpc.mountd -p 4002 in /etc/init.d/nfsserver
BUT
On my new server (SuSE linux 10.0) there is no /etc/init.d/nfslock...
So now I don't know how to fix the statd-port.

Swakoo 08-25-2006 05:24 AM

ok i got it to work! found out after recently attending a Redhat course that the file in question is no longer modules.conf, but rather modprobe.conf


solved!


All times are GMT -5. The time now is 06:28 AM.