LinuxQuestions.org

Rayskovsky 01-23-2009 09:31 AM

Firewall problem
 
Hi all

After browsing through the site and Google, I cannot solve my problem

I am using CentOS release 4.6 (Final) with iptables configured with system-config-security. I want to use an NFS server.

With the firewall disabled, everything just works fine.

In system-config-security I then click ssh, http and add the following in the "other ports" box:
nfs:tcp, nfs:udp, ntp:tcp, ntp:udp, 1055:tcp
where port 1055 is for a software license manager.

This gives me the following file:
Quote:

# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1055 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 123 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
When I try to mount a volume on another machine, I get
Quote:

mount.nfs: mount to NFS server 'rpcbind' failed: System Error: No route to host
mount.nfs: mount to NFS server 'rpcbind' failed: System Error: No route to host
mount.nfs: internal error
I then found on the site that I need to allow the rpcbind port, which is 111/tcp.
When I add it to the other ports box and try to mount the volume, the machine on which I tried to mount the volume just hangs and I need to press Ctrl+C to get a prompt back.

With an nmap -p 2049 server, I get
PORT STATE SERVICE
2049/tcp open nfs

which is the same as when the firewall is off (iptables stop).


Another strange thing is that sshd and httpd work whether the firewall is up or down.

My licensing server on port 1055 (flexlm) and my NFS only work when the firewall is down.

Anyone know what is happening?

BTW, I tried rebooting.

tmerriam 01-23-2009 08:27 PM

NFS is unfortunately more complicated than just that one port and the portmapper. Read chapter 6 of the NFS HOWTO:

http://nfs.sourceforge.net/nfs-howto/
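As an added illustration of tmerriam's point (this is not code from the thread or from the NFS HOWTO): on an NFSv3 server the endpoints that actually have to pass the firewall can be read from `rpcinfo -p`, and only portmapper (111) and nfs (2049) sit on fixed ports. The script below uses a constructed sample of that output (the dynamic port numbers for mountd, statd and lockd are made up) and lists which RPC services a given allow-list still blocks, then emits matching rules in the style of the RH-Firewall-1-INPUT chain quoted above.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output from an NFSv3 server (not taken
# from the thread). portmapper (111) and nfs (2049) sit on fixed ports, but
# mountd, status (rpc.statd) and nlockmgr (lockd) are assigned dynamic ports
# at start-up, so a rule set that only opens 111 and 2049 blocks them.
RPCINFO_SAMPLE='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32769  status
    100003    2   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   udp  32770  nlockmgr
    100021    1   tcp  32771  nlockmgr
    100005    1   udp  32772  mountd
    100005    1   tcp  32773  mountd'

# $1: space-separated allow-list of "proto/port" pairs the firewall accepts.
# stdin: rpcinfo -p output. Prints "service proto/port" for every RPC
# endpoint the allow-list does not cover (each proto/port once). With the
# chain ending in REJECT --reject-with icmp-host-prohibited, a blocked 111
# shows up on the client as "No route to host"; blocked mountd/lockd/statd
# show up as a mount that hangs.
rpc_services_blocked() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR > 1 && NF >= 5 {
            key = $3 "/" $4
            if (!(key in ok) && !seen[key]++) print $5 " " key
        }'
}

# Same input and allow-list; emits one ACCEPT rule per blocked endpoint in
# the style of the RH-Firewall-1-INPUT chain, to be placed before its final
# REJECT. Dynamic ports change on restart, so pin the mountd/statd/lockd
# ports (see the NFS HOWTO) before relying on such rules permanently.
rules_for_blocked() {
    rpc_services_blocked "$1" | awk '{
        split($2, f, "/")
        printf "-A RH-Firewall-1-INPUT -m state --state NEW -m %s -p %s --dport %s -j ACCEPT\n", f[1], f[1], f[2]
    }'
}

# Usage: the allow-list from the original post after 111/tcp was added.
printf '%s\n' "$RPCINFO_SAMPLE" | rpc_services_blocked "tcp/111 udp/111 tcp/2049 udp/2049"
```

With the poster's rule set (111 and 2049 open) the script lists status, nlockmgr and mountd as still blocked, which matches the hanging mount; with only 2049 open it also lists portmapper, which matches the earlier "No route to host".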

