Problem:
The NFS RPC services (mountd, lockd, and statd) don’t run on fixed ports.
Solution:
Pin the ports used by NFS.
(The following instructions apply to CentOS 5.3. Please see the references for other solutions.)
1. Edit /etc/sysconfig/nfs, specify ports as shown below:
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=673
iptables rules used with this example:
#nfs
# portmapper
-A Firewall-1 -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A Firewall-1 -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
# nfsd
-A Firewall-1 -p udp -m state --state NEW -m udp --dport 2049 -j ACCEPT
-A Firewall-1 -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
# mountd (MOUNTD_PORT)
-A Firewall-1 -p udp -m state --state NEW -m udp --dport 892 -j ACCEPT
-A Firewall-1 -p tcp -m state --state NEW -m tcp --dport 892 -j ACCEPT
# statd (STATD_PORT); the TCP rule must name the same port as the UDP rule
-A Firewall-1 -p udp -m state --state NEW -m udp --dport 673 -j ACCEPT
-A Firewall-1 -p tcp -m state --state NEW -m tcp --dport 673 -j ACCEPT
# lockd (LOCKD_TCPPORT, LOCKD_UDPPORT)
-A Firewall-1 -p udp -m state --state NEW -m udp --dport 32803 -j ACCEPT
-A Firewall-1 -p tcp -m state --state NEW -m tcp --dport 32803 -j ACCEPT
-A Firewall-1 -p udp -m state --state NEW -m udp --dport 32769 -j ACCEPT
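A quick way to confirm that every pinned port has a matching ACCEPT rule before relying on the firewall. This is an added example, not part of the original post: the function names are this example's own, and the sample config and ruleset are constructed, with one rule deliberately naming the wrong statd port.

```shell
# Added example: report NFS ports that are configured but have no ACCEPT rule.
# Inputs are constructed; on a real host read /etc/sysconfig/nfs and your rules.
SAMPLE_NFS_CONF='LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=673'

# Constructed ruleset: the statd TCP rule deliberately names 676, not 673.
SAMPLE_RULES='-A Firewall-1 -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
-A Firewall-1 -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
-A Firewall-1 -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
-A Firewall-1 -p udp -m state --state NEW -m udp --dport 2049 -j ACCEPT
-A Firewall-1 -p tcp -m state --state NEW -m tcp --dport 892 -j ACCEPT
-A Firewall-1 -p udp -m state --state NEW -m udp --dport 892 -j ACCEPT
-A Firewall-1 -p tcp -m state --state NEW -m tcp --dport 676 -j ACCEPT
-A Firewall-1 -p udp -m state --state NEW -m udp --dport 673 -j ACCEPT
-A Firewall-1 -p tcp -m state --state NEW -m tcp --dport 32803 -j ACCEPT
-A Firewall-1 -p udp -m state --state NEW -m udp --dport 32769 -j ACCEPT'

# Print one proto/port per line that the firewall must accept.
# Assumption: portmapper (111) and nfsd (2049) on TCP and UDP, as in the post.
required_ports() {
    printf '%s\n' tcp/111 udp/111 tcp/2049 udp/2049
    printf '%s\n' "$1" | awk -F= '
        /^LOCKD_TCPPORT=/ { print "tcp/" $2 }
        /^LOCKD_UDPPORT=/ { print "udp/" $2 }
        /^(MOUNTD_PORT|STATD_PORT)=/ { print "tcp/" $2; print "udp/" $2 }'
}

# Print proto/port for every ACCEPT rule that has both -p and --dport.
allowed_ports() {
    printf '%s\n' "$1" | awk '/-j ACCEPT/ {
        proto = ""; port = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "--dport") port = $(i + 1)
        }
        if (proto != "" && port != "") print proto "/" port
    }'
}

# Print each required proto/port that no ACCEPT rule covers.
missing_rules() {
    nfs_allowed=$(allowed_ports "$2")
    required_ports "$1" | while read -r want; do
        printf '%s\n' "$nfs_allowed" | grep -qxF "$want" || echo "$want"
    done
}
missing_rules "$SAMPLE_NFS_CONF" "$SAMPLE_RULES"   # prints tcp/673
```

An empty result means every configured port is covered; any line printed is a port that clients will fail to reach through the firewall.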
References:
1. http://aiki.bme.duke.edu/cgi-bin/wiki.pl?Nfs_And_Iptables
2. http://www.sns.ias.edu/~jns/wp/2006/01/18/iptables-nfs/
Thanks very helpful!! It works on RH 5.4