Team,

I have Data Domain with nfs shares created and exported to the SLES 11 server. We are trying to mount using the mount -t -o <options> DDIP:/backup <mount> and it times out after few minutes. We figured that its a firewall issue. I have been reading lot about the nfs ports and looks like the important once are 111 (portmapper) and the 2049 (nfsd). But the rpcinfo -p on the client shows more TCP and UDP ports for nlockmgr and mountd. Should i open those ports as well in firewall ?

Another question is which way should be the rule implemented.

1) Allow bidrirection on ports 2049 & 111.
2) Allow 2049 & 111 ports from client to server.
3) Allow 2049 & 111 ports from server to client.

client:~ # rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 45488 status
100024 1 tcp 61417 status
100005 1 udp 59794 mountd
100005 1 tcp 30015 mountd
100005 2 udp 59794 mountd
100005 2 tcp 30015 mountd
100005 3 udp 59794 mountd
100005 3 tcp 30015 mountd
100021 1 udp 51229 nlockmgr
100021 3 udp 51229 nlockmgr
100021 4 udp 51229 nlockmgr
100021 1 tcp 2283 nlockmgr
100021 3 tcp 2283 nlockmgr
100021 4 tcp 2283 nlockmgr
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
client:~ # ps -ef | grep nfs
root 15440 2 0 05:51 ? 00:00:00 [nfsd4]
root 15441 2 0 05:51 ? 00:00:00 [nfsd]
root 15442 2 0 05:51 ? 00:00:00 [nfsd]
root 15443 2 0 05:51 ? 00:00:00 [nfsd]
root 15444 2 0 05:51 ? 00:00:00 [nfsd]
root 15459 2 0 05:51 ? 00:00:00 [nfsiod]
root 15555 1 0 06:06 ? 00:00:00 /sbin/mount.nfs server:/backup /dd/server/share -o rw,hard,intr,nfsvers=3,tcp,bg
root 16615 16284 0 18:08 pts/0 00:00:00 grep nfs
client:~ #


Any help would be much appreciated.

Thanks
Balu Gadikota

if you can ssh into the machine than you have two possibilities,
1) install and use FUSE SSHFS instead of NFS
2) create an SSH tunnel to forward the NFS port
otherwise yes, the ports probably should be opened

1 members found this post helpful.

Thank you Frieza.

Unfortunately i cant install anything other than opening the ports. I was more looking towards which ports needs to be open other than 111 and 2049 and should it be open from client to server or from server to client.

i think those are the only ports necessary

Which direction..from client to server to server to client or bidirectional ?

Thanks

i would start with client to server, but if that doesn't work try bidirectional

are you able to ssh into the server from the client?

again if so as you are not willing to use sshfs a reverse ssh connection will solve the problem without having to deal with installing anything more. just requires an ssh connection from the server to the client.

Hello Lleb,

I just tried .. i cant ssh from client to the server.

will look for opening the firewall ports and see if that fixes my issues.

Thanks