Hello All,
Ok, so I don't know what I'm doing wrong. I've been at this for a few days now and I can't seem to get NFS working through the firewall.
I am running CentOS 5.2.
First I edited the /etc/sysconfig/nfs file and uncommented/edited these entries...
Code:
LOCKD_TCPPORT=32769
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
Next I ran system-config-securitylevel and added 111(tcp/udp), 32769(tcp/udp), 892(tcp/udp), 662(tcp/udp), and I even put a check next to NFSv4. Here is the output of iptables -L
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:sunrpc
ACCEPT udp -- anywhere anywhere state NEW udp dpt:sunrpc
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:filenet-rpc
ACCEPT udp -- anywhere anywhere state NEW udp dpt:filenet-rpc
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pftp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:pftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:892
ACCEPT udp -- anywhere anywhere state NEW udp dpt:892
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
I added this in my /etc/exports
And started nfsd/portmap
Code:
[root@centos-virt sysconfig]# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
[root@centos-virt sysconfig]# service portmap start
Starting portmap: [ OK ]
And I STILL can't mount the share
I get an error about "no route to host"...but when I do an iptables -F I can mount it just fine...
Thoughts/Help?
Thanks,
-C
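
A check for the setup described in the post, as an added example that is not part of the original post: it lists every port the portmapper has registered (`rpcinfo -p`) that no ACCEPT rule in `iptables -L -n` names. The function name and the sample listing are constructed; the sample rules are the post's NFS-related ports in numeric form, and rule order, interfaces and source restrictions are not evaluated.

```shell
#!/bin/sh
# Reads `iptables -L -n` output followed by `rpcinfo -p` output on stdin and
# prints each registered RPC proto/port that no ACCEPT rule names by dpt.
unopened_rpc_ports() {
    awk '
        $1 == "ACCEPT" {                      # firewall rule line
            for (i = 3; i <= NF; i++)
                if ($i ~ /^dpt:[0-9]+$/) allowed[$2 "/" substr($i, 5)] = 1
            next
        }
        $1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {  # rpcinfo row: prog vers proto port name
            key = $3 "/" $4
            if (!(key in seen)) { seen[key] = 1; order[++n] = key; name[key] = $5 }
        }
        END {
            for (j = 1; j <= n; j++)
                if (!(order[j] in allowed)) print order[j], name[order[j]]
        }'
}
# Constructed sample: the post's NFS rules as -n prints them, then made-up rpcinfo rows
sample_input() {
    cat <<'EOF'
ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:2049
ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:111
ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   state NEW udp dpt:111
ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:32769
ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   state NEW udp dpt:32769
ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:662
ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   state NEW udp dpt:662
ACCEPT     tcp  --  0.0.0.0/0   0.0.0.0/0   state NEW tcp dpt:892
ACCEPT     udp  --  0.0.0.0/0   0.0.0.0/0   state NEW udp dpt:892
REJECT     all  --  0.0.0.0/0   0.0.0.0/0   reject-with icmp-host-prohibited
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    662  status
    100024    1   tcp    662  status
    100011    1   udp    971  rquotad
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    4   udp  32769  nlockmgr
    100021    4   tcp  32769  nlockmgr
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
EOF
}

sample_input | unopened_rpc_ports
```

On a live server the same function can be fed with `{ iptables -L -n; rpcinfo -p; } | unopened_rpc_ports`; the `-n` matters because plain `iptables -L` prints service names such as filenet-rpc instead of port numbers.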