LinuxQuestions.org
Old 07-13-2006, 04:39 PM   #1
Swakoo
Member
 
Registered: Apr 2005
Distribution: Red Hat / Fedora / CentOS
Posts: 508

Rep: Reputation: 30
Allowing NFS in IPTABLES: Fix port for NFS Lock Manager


I'm trying to set up NFS between a webserver and a fileserver. NFS is working now, though with basic options, but I am currently trying to let iptables allow NFS connections and read that I need to fix ports for the services related to NFS.

Managed to fix them all except NFS Lock Manager. Been reading, and the documents show to insert the line to configure into /etc/modules.conf. I don't have that file to begin with so I created it; didn't work.

Then I tried inserting into grub.conf but it didn't work either.

Only left with this part before I start on iptables. I am using RHEL4. Does anyone have any idea how to fix the port for it?

Many thanks!
 
Old 07-14-2006, 01:22 AM   #2
Swakoo
Member
 
Registered: Apr 2005
Distribution: Red Hat / Fedora / CentOS
Posts: 508

Original Poster
Rep: Reputation: 30
anyone with the know-how?
 
Old 07-14-2006, 02:50 AM   #3
twantrd
Senior Member
 
Registered: Nov 2002
Location: CA
Distribution: redhat 7.3
Posts: 1,440

Rep: Reputation: 52
I'm not quite sure why you are looking into /etc/modules.conf and grub's configuration since you need to modify your current iptables rules to allow NFS. You should open port 2049 and 111.

Quote:
NFS is working now, though with basic options, but I am currently trying to let iptables allow NFS connections and read that I need to fix ports for the services related to NFS.
However, again, I'm a bit puzzled about this question. You said that NFS works but you need to allow NFS connections between machines. How are you verifying that NFS works?

-twantrd
 
Old 07-14-2006, 05:53 AM   #4
Swakoo
Member
 
Registered: Apr 2005
Distribution: Red Hat / Fedora / CentOS
Posts: 508

Original Poster
Rep: Reputation: 30
Quote:
Originally Posted by twantrd
I'm not quite sure why you are looking into /etc/modules.conf and grub's configuration since you need to modify your current iptables rules to allow NFS. You should open port 2049 and 111.


However, again, I'm a bit puzzled about this question. You said that NFS works but you need to allow NFS connections between machines. How are you verifying that NFS works?

-twantrd
Sorry for being unclear.
NFS works, without iptables.

I read http://www.ba.infn.it/calcolo/docume....html#Firewall and it mentioned I need to fix the other services' ports.
 
Old 07-21-2006, 05:57 AM   #5
Swakoo
Member
 
Registered: Apr 2005
Distribution: Red Hat / Fedora / CentOS
Posts: 508

Original Poster
Rep: Reputation: 30
hmm anyone?
 
Old 07-22-2006, 12:47 AM   #6
gloomy
Member
 
Registered: Jan 2006
Location: Finland
Distribution: Mainly Gentoo
Posts: 119

Rep: Reputation: 15
The reply of Twantrd contained the answer already.
 
Old 07-25-2006, 04:40 AM   #7
Swakoo
Member
 
Registered: Apr 2005
Distribution: Red Hat / Fedora / CentOS
Posts: 508

Original Poster
Rep: Reputation: 30
I have been using these 2 articles:

http://www.ba.infn.it/calcolo/docume....html#Firewall
http://www.lowth.com/LinWiz/nfs_help.html

Through them, I am hoping to secure my server with NFS enabled via iptables. But to do this, what I understand is I need to fix the ports being used. So following the instructions, I managed to do it, as rpcinfo -p shows the following:

Quote:
[root@fileserver ~]# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 4000 status
100024 1 tcp 4000 status
100011 1 udp 4003 rquotad
100011 2 udp 4003 rquotad
100011 1 tcp 4003 rquotad
100011 2 tcp 4003 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100021 1 udp 32768 nlockmgr
100021 3 udp 32768 nlockmgr
100021 4 udp 32768 nlockmgr
100021 1 tcp 32768 nlockmgr
100021 3 tcp 32768 nlockmgr
100021 4 tcp 32768 nlockmgr
100005 1 udp 4002 mountd
100005 1 tcp 4002 mountd
100005 2 udp 4002 mountd
100005 2 tcp 4002 mountd
100005 3 udp 4002 mountd
100005 3 tcp 4002 mountd
As you can see, I didn't manage to fix the port of nlockmgr as I can't find the needed file to edit as mentioned in the 2 links.

Thus I am asking how to lock that service...

Then again... am I even doing it right? I stand corrected.
Having doubts because I just went ahead and configured iptables (manually? or also wrong? Please take a look at my thread here) and iptables mentioned it is wrong...

I'm kind of a noob here, but am just trying and fiddling, so I'm hoping to be able to get some guidance to go one step ahead.

Thanks!

PS: These settings that I am fiddling with are for the server; I didn't do anything on the client, not even fix the port. Is there a need?

Last edited by Swakoo; 07-25-2006 at 04:50 AM.
 
Old 07-31-2006, 04:19 AM   #8
Swakoo
Member
 
Registered: Apr 2005
Distribution: Red Hat / Fedora / CentOS
Posts: 508

Original Poster
Rep: Reputation: 30
anyone...?
 
Old 08-07-2006, 03:51 PM   #9
catworld
Member
 
Registered: Nov 2004
Location: Horseheads, New York
Distribution: Mandriva 2010.1 / KDE 4.5.2, Slax, Knoppix, Backtrack & etc...
Posts: 198

Rep: Reputation: 36
perhaps not...

Quote:
Originally Posted by gloomy
The reply of Twantrd contained the answer already.
I have portmap and nfs open on a Linux NFS server and can't get to the share using a Mac. I searched the Mac's /etc/services and found a couple Mac nfs related ports, 1110 and 1598, but adding rules to allow these in iptables has not fixed the problem.
 
Old 08-25-2006, 03:22 AM   #10
muumi
LQ Newbie
 
Registered: Jul 2006
Posts: 2

Rep: Reputation: 0
For SuSE Linux 9.0 I found the following solution on the web:
statd (4000: startproc $RPCSTATD $STATDFLAGS -p 4000 in /etc/init.d/nfslock)
nfslock (4001: lockd.udpport=4001 lockd.tcpport=4001 in /boot/grub/menu.lst)
mountd (4002: startproc /usr/sbin/rpc.mountd -p 4002 in /etc/init.d/nfsserver)
BUT
On my new server (SuSE Linux 10.0) there is no /etc/init.d/nfslock...
So now I don't know how to fix the statd port.
 
Old 08-25-2006, 05:24 AM   #11
Swakoo
Member
 
Registered: Apr 2005
Distribution: Red Hat / Fedora / CentOS
Posts: 508

Original Poster
Rep: Reputation: 30
OK, I got it to work! Found out after recently attending a Red Hat course that the file in question is no longer modules.conf, but rather modprobe.conf.


solved!
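
Added example (not from any poster in this thread): a check for the situation the thread describes, run over a constructed sample abridged from the rpcinfo listing in post #7. It prints an iptables ACCEPT rule for each pinned RPC port and flags services such as nlockmgr that still sit on a dynamic port; the client address 192.0.2.10 and the 32768 threshold are assumptions.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` output into iptables ACCEPT rules and
# flag RPC services that are still on a dynamically assigned port.
# CLIENT and DYN_MIN are assumptions; adjust them for your network.
CLIENT="${CLIENT:-192.0.2.10}"   # placeholder NFS client address (TEST-NET-1)
DYN_MIN="${DYN_MIN:-32768}"      # assumed start of the dynamic port range

# Constructed sample, abridged from the rpcinfo listing in the thread.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   4000  status
    100024    1   tcp   4000  status
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32768  nlockmgr
    100021    1   tcp  32768  nlockmgr
    100005    3   udp   4002  mountd
    100005    3   tcp   4002  mountd
EOF
}

# Reads rpcinfo -p output on stdin; prints one line per unique proto/port.
nfs_rules() {
    awk -v client="$CLIENT" -v dyn="$DYN_MIN" '
        $1 !~ /^[0-9]+$/ { next }              # skip the header line
        seen[$3 "/" $4]++ { next }             # one rule per proto/port pair
        $4 + 0 >= dyn {                        # port was not pinned
            printf "# NOT PINNED: %s on %s/%s, fix its port before adding a rule\n", $5, $3, $4
            next
        }
        {
            printf "iptables -A INPUT -s %s -p %s --dport %s -j ACCEPT   # %s\n", client, $3, $4, $5
        }'
}

# Number of proto/port pairs still on a dynamic port (0 means all pinned).
unpinned_count() {
    nfs_rules | grep -c '^# NOT PINNED' || true
}

# Demo on the constructed sample; on a real server use: rpcinfo -p | nfs_rules
sample_rpcinfo | nfs_rules
```

A dynamic port can change when the service restarts, so a rule written for it would silently stop matching; that is why the flagged lines are emitted as comments rather than rules.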
 
  

