LinuxQuestions.org, Linux - Newbie: Unable to mount NFS with iptables (https://www.linuxquestions.org/questions/linux-newbie-8/unable-to-mount-nfs-with-iptables-4175582348/)

procfs 06-15-2016 12:22 PM

Unable to mount NFS with iptables
 
Hi, below is my environment:

CentOS release 6.8 (Final)
NFS 1:1.2.3-70.el6

The export file is as follows:
/exp_fs *(rw,async,no_root_squash,no_subtree_check)

I can mount this while iptables is down on the server, but as soon as I start it I get an RPC error when I do showmount.

Below are my iptables rules. What am I doing wrong?

-A INPUT -s 172.16.10.0/24 -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p tcp -m state --state NEW -m tcp --dport 32803 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p udp -m state --state NEW -m udp --dport 32769 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p tcp -m state --state NEW -m tcp --dport 892 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p udp -m state --state NEW -m udp --dport 892 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p tcp -m state --state NEW -m tcp --dport 875 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p udp -m state --state NEW -m udp --dport 875 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p tcp -m state --state NEW -m tcp --dport 662 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p udp -m state --state NEW -m udp --dport 662 -j ACCEPT

Thanks and Regards

tshikose 06-15-2016 01:30 PM

Hi,

NFS (at least the old version) relies on additional random ports to work.
If I remember correctly, they are commented out throughout the /etc/sysconfig/nfs configuration file.
Edit it and uncomment the port lines, and make sure you allow them all in your iptables INPUT rules.

Sorry, I am not accurate; it has been a long time since I worked on RHEL 6 or its clones.
My suggestion is: upgrade to CentOS 7.

tshikose 06-15-2016 01:31 PM

I think you also need to allow port 2049/udp, as some old NFS clients work over UDP.

lazydog 06-15-2016 01:56 PM

This might help you.

Tutorial – Configure IPTables for NFS Server on CentOS 6

procfs 06-15-2016 10:32 PM

Hi guys, thank you for the replies. I just got back to the office and will try and update you.

Thanks and Best Regards

procfs 06-15-2016 11:40 PM

Hi guys, your replies helped me to narrow down the matter. The problem was the placement of the reject-all rule :(

-A INPUT -j REJECT --reject-with icmp-host-prohibited

Thank you and best of regards
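The two points raised in the thread (tshikose's advice to pin the NFS helper ports in /etc/sysconfig/nfs and open them, including 2049/udp, and procfs's finding that the catch-all REJECT sat before the NFS rules) can be checked against an iptables-save style rule list offline. The script below is an added example and not code from the thread or from any of the posters; the /etc/sysconfig/nfs variable names are the file's own, but the port values, the daemon-to-port mapping and the sample INPUT chain are constructed here (the chain reproduces the thread's rules appended after the REJECT).

```shell
#!/bin/sh
# Added example. Checks an iptables INPUT chain (iptables-save syntax) for
# two defects: NFS helper ports that have no ACCEPT rule at all, and ACCEPT
# rules that sit after the catch-all REJECT/DROP and therefore never match.

# Constructed stand-in for the static-port lines of /etc/sysconfig/nfs on
# CentOS 6. The variable names are the file's own; the values are assumed.
NFS_SYSCONFIG_SAMPLE='
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
'

# Constructed INPUT chain reproducing the thread's ordering mistake: the NFS
# rules were appended after "-A INPUT -j REJECT". Note that 2049/udp is absent.
RULES_BAD='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -s 172.16.10.0/24 -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p tcp -m state --state NEW -m tcp --dport 32803 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p udp -m state --state NEW -m udp --dport 32769 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p tcp -m state --state NEW -m tcp --dport 892 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p udp -m state --state NEW -m udp --dport 892 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p tcp -m state --state NEW -m tcp --dport 875 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p udp -m state --state NEW -m udp --dport 875 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p tcp -m state --state NEW -m tcp --dport 662 -j ACCEPT
-A INPUT -s 172.16.10.0/24 -p udp -m state --state NEW -m udp --dport 662 -j ACCEPT'

# Line number of the first unconditional REJECT/DROP in INPUT (empty if none).
reject_line() {
    printf '%s\n' "$1" | grep -n -E '^-A INPUT -j (REJECT|DROP)' | head -n1 | cut -d: -f1
}

# Line number of the first ACCEPT rule for proto $2 / port $3 (empty if none).
accept_line() {
    printf '%s\n' "$1" | grep -n -E "^-A INPUT .*-p $2 .*--dport $3 -j ACCEPT" \
        | head -n1 | cut -d: -f1
}

# Emit "proto port" pairs NFS needs: portmapper (111) and nfsd (2049) on both
# protocols, plus the daemons pinned in the sysconfig sample (mapping assumed).
nfs_ports() {
    eval "$NFS_SYSCONFIG_SAMPLE"
    printf 'tcp 111\nudp 111\ntcp 2049\nudp 2049\n'
    printf 'tcp %s\nudp %s\n' "$RQUOTAD_PORT" "$RQUOTAD_PORT"
    printf 'tcp %s\nudp %s\n' "$LOCKD_TCPPORT" "$LOCKD_UDPPORT"
    printf 'tcp %s\nudp %s\n' "$MOUNTD_PORT" "$MOUNTD_PORT"
    printf 'tcp %s\nudp %s\n' "$STATD_PORT" "$STATD_PORT"
}

# Return 0 when every NFS port is accepted before the catch-all reject;
# otherwise print one line per missing or shadowed port and return 1.
check_rules() {
    rules=$1
    rej=$(reject_line "$rules"); rej=${rej:-0}
    bad=0
    for entry in $(nfs_ports | tr ' ' ':'); do
        proto=${entry%%:*}; port=${entry##*:}
        acc=$(accept_line "$rules" "$proto" "$port"); acc=${acc:-0}
        if [ "$acc" -eq 0 ]; then
            echo "missing: $proto/$port"; bad=1
        elif [ "$rej" -ne 0 ] && [ "$acc" -gt "$rej" ]; then
            echo "shadowed by REJECT on line $rej: $proto/$port (line $acc)"; bad=1
        fi
    done
    return $bad
}

# Re-emit the chain with every unconditional REJECT/DROP moved to the end.
fix_order() {
    printf '%s\n' "$1" | grep -v -E '^-A INPUT -j (REJECT|DROP)'
    printf '%s\n' "$1" | grep -E '^-A INPUT -j (REJECT|DROP)'
}

# The chain after both corrections: 2049/udp added and REJECT moved last.
fixed_rules() {
    fix_order "$RULES_BAD
-A INPUT -s 172.16.10.0/24 -p udp -m state --state NEW -m udp --dport 2049 -j ACCEPT"
}

echo "== chain as posted (REJECT before the NFS rules) =="
check_rules "$RULES_BAD" || echo "-> move the REJECT to the end of INPUT"
echo "== after reordering only =="
check_rules "$(fix_order "$RULES_BAD")" || echo "-> still need 2049/udp"
echo "== after reordering and adding 2049/udp =="
check_rules "$(fixed_rules)" && echo "all NFS ports are reachable before the REJECT"
```

Run it as `sh check_nfs_rules.sh`; to check a live CentOS 6 box instead of the constructed chain, feed `check_rules` the output of `iptables-save | grep '^-A INPUT'`. The reorder step only moves the catch-all, which is exactly the fix procfs arrived at; the remaining "missing" line shows why tshikose's 2049/udp note still applies after that.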

lazydog 06-16-2016 09:48 AM

That is your last rule? If things got that far you are missing other rules that are needed.

Post your firewall rules and we will see if we can figure out where the problem lies.

procfs 06-27-2016 03:17 AM

Hi lazydog, this was a fault on my side that I overlooked.

Thanks and Best Regards
