LinuxQuestions.org


Swakoo 07-13-2006 04:39 PM

Allowing NFS in IPTABLES: Fix port for NFS Lock Manager
 
I'm trying to set up NFS between a webserver and a fileserver. NFS is working now, though with basic options, but I am currently trying to let iptables allow NFS connections and read that I need to fix ports for the services related to NFS.

Managed to fix them all except NFS Lock Manager. Been reading, and the documents show to insert the line to configure it into /etc/modules.conf. I don't have that file to begin with, so I created it; didn't work.

Then I tried inserting it into grub.conf, but that didn't work either.

Only left with this part before I start on iptables. I am using RHEL4. Does anyone have any idea how to fix the port for it?

Many thanks!

Swakoo 07-14-2006 01:22 AM

Anyone with the know-how?

twantrd 07-14-2006 02:50 AM

I'm not quite sure why you are looking into /etc/modules.conf and grub's configuration since you need to modify your current iptables rules to allow NFS. You should open port 2049 and 111.

Quote:

NFS is working now, though with basic options, but I am currently trying to let iptables allow NFS connections and read that I need to fix ports for the services related to NFS.

However, again, I'm a bit puzzled about this question. You said that NFS works but you need to allow NFS connections between machines. How are you verifying that NFS works?

-twantrd

Swakoo 07-14-2006 05:53 AM

Quote:

Originally Posted by twantrd
I'm not quite sure why you are looking into /etc/modules.conf and grub's configuration since you need to modify your current iptables rules to allow NFS. You should open port 2049 and 111.


However, again, I'm a bit puzzled about this question. You said that NFS works but you need to allow NFS connections between machines. How are you verifying that NFS works?

-twantrd

Sorry for being unclear.
NFS works, without iptables.

I read http://www.ba.infn.it/calcolo/docume....html#Firewall and it mentioned I need to fix the other services' ports.

Swakoo 07-21-2006 05:57 AM

Hmm, anyone?

gloomy 07-22-2006 12:47 AM

The reply of Twantrd contained the answer already.

Swakoo 07-25-2006 04:40 AM

I have been using these 2 articles:

http://www.ba.infn.it/calcolo/docume....html#Firewall
http://www.lowth.com/LinWiz/nfs_help.html

Through them, I am hoping to secure my server with NFS enabled via IPTABLES. But to do this, what I understand is that I need to fix the ports being used. So, following the instructions, I managed to do it, as rpcinfo -p shows the following:

Quote:

[root@fileserver ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 4000 status
100024 1 tcp 4000 status
100011 1 udp 4003 rquotad
100011 2 udp 4003 rquotad
100011 1 tcp 4003 rquotad
100011 2 tcp 4003 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 32768 nlockmgr
100021 3 udp 32768 nlockmgr
100021 4 udp 32768 nlockmgr
100021 1 tcp 32768 nlockmgr
100021 3 tcp 32768 nlockmgr
100021 4 tcp 32768 nlockmgr
100005 1 udp 4002 mountd
100005 1 tcp 4002 mountd
100005 2 udp 4002 mountd
100005 2 tcp 4002 mountd
100005 3 udp 4002 mountd
100005 3 tcp 4002 mountd

As you can see, I didn't manage to fix the port of nlockmgr, as I can't find the file to edit that is mentioned in the 2 links.

Thus I am asking how to lock that service...

Then again... am I even doing it right? I stand corrected :)
Having doubts because I just went ahead and configured IPTABLES (manually? or also wrong? Please take a look at my thread here) and iptables mentioned it is wrong...

I'm kinda a noob here, but am just trying and fiddling, so I'm hoping to be able to get some guidance to go one step ahead :)

Thanks!

PS: These settings that I am fiddling with are for the server; I didn't do anything on the client, not even fix the port. Is there a need?

Swakoo 07-31-2006 04:19 AM

anyone...?

catworld 08-07-2006 03:51 PM

perhaps not...
 
Quote:

Originally Posted by gloomy
The reply of Twantrd contained the answer already.

I have portmap and nfs open on a Linux NFS server and can't get to the share using a Mac. I searched the Mac's /etc/services and found a couple of Mac NFS-related ports, 1110 and 1598, but adding rules to allow these in iptables has not fixed the problem.

muumi 08-25-2006 03:22 AM

For SuSE Linux 9.0 I found the following solution on the web:
statd (4000: startproc $RPCSTATD $STATDFLAGS -p 4000 in /etc/init.d/nfslock)
nfslock (4001: lockd.udpport=4001 lockd.tcpport=4001 in /boot/grub/menu.lst)
mountd (4002: startproc /usr/sbin/rpc.mountd -p 4002 in /etc/init.d/nfsserver)
BUT
on my new server (SuSE Linux 10.0) there is no /etc/init.d/nfslock...
So now I don't know how to fix the statd port.

Swakoo 08-25-2006 05:24 AM

OK, I got it to work! Found out after recently attending a Red Hat course that the file in question is no longer modules.conf, but rather modprobe.conf.


solved!
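
An added example, not part of any post in this thread: a shell check that reads rpcinfo -p output, flags any RPC service still registered on a dynamic port (as nlockmgr on 32768 was above), and only prints per-port iptables ACCEPT rules once every service is pinned. The client address 192.0.2.10, the function names and the 32768 threshold (the default lower bound of the Linux ephemeral port range) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit `rpcinfo -p` output before writing iptables rules.
# Function names, the client IP and the 32768 threshold are assumptions.

# Abbreviated copy of the rpcinfo -p output quoted in the thread.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   4000  status
    100024    1   tcp   4000  status
    100011    1   udp   4003  rquotad
    100011    1   tcp   4003  rquotad
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32768  nlockmgr
    100021    1   tcp  32768  nlockmgr
    100005    1   udp   4002  mountd
    100005    1   tcp   4002  mountd
EOF
}

# List services registered on a port in the ephemeral range (>= 32768).
# Such a port can change on restart, so a static firewall rule cannot cover it.
unpinned_services() {
    awk 'NR > 1 && $4 >= 32768 { print $5 "/" $3 "/" $4 }' | sort -u
}

# Print (do not execute) one ACCEPT rule per unique proto/port pair for a
# single client. Refuses to print anything while a service is still unpinned.
nfs_rules() {
    client=$1
    input=$(cat)
    bad=$(printf '%s\n' "$input" | unpinned_services)
    if [ -n "$bad" ]; then
        echo "unpinned: $(echo $bad)" >&2
        return 1
    fi
    printf '%s\n' "$input" |
        awk -v c="$client" 'NR > 1 && !seen[$3 "/" $4]++ {
            printf "iptables -A INPUT -s %s -p %s --dport %s -j ACCEPT\n", c, $3, $4
        }'
}
```

On a live server the input would be rpcinfo -p | nfs_rules <client address>. On 2.6 kernels the lockd module takes its ports from the nlm_udpport and nlm_tcpport options (for example options lockd nlm_udpport=4001 nlm_tcpport=4001 in /etc/modprobe.conf); the exact line used in the thread is not shown.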


All times are GMT -5.