Firewall problems with NFS

Dr. Michael J. Chudobiak mjc at avtechpulse.com
Thu Nov 15 14:49:23 UTC 2007


Bill Davidsen wrote:
>> You'll probably need to:
>>
>> 1) Learn about port "pinning" for NFS (so it always uses the same ports).
> 
> Since the GUI doesn't know about this, it doesn't solve the problem of 
> avoiding mixing GUI and manual firewall configuration, if I have to do 
> any of it by hand I'll do it all by hand, I'm dubious about using the 
> same rules for forwarding as INPUT anyway.

Bill,

The port-pinning is not handled by iptables, and no firewall tool will 
do it for you. You will need to configure port pinning in the various 
/etc files that control the NFS server and the RPC services (I forget 
which files).

Once you've pinned the ports, then open them in the firewall. You can do 
that by hand if you want, but using firestarter is much easier, in my 
experience.

The two tasks are cleanly separated.


- Mike
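
The two steps side by side, as an added example that is not part of the original message. It assumes the Fedora-style `/etc/sysconfig/nfs` variable names (`RQUOTAD_PORT`, `LOCKD_TCPPORT`, `LOCKD_UDPPORT`, `MOUNTD_PORT`, `STATD_PORT`); the port values, the 192.168.1.0/24 client network and the helper names `nfs_rules` and `missing_pins` are constructed for illustration, and the script only prints rules rather than applying them.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for pinned NFS ports.
# Constructed sample of a Fedora-style /etc/sysconfig/nfs with pinned ports.
SAMPLE_SYSCONFIG='# pinned ports (sample values)
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662'

# nfs_rules CONFIG_TEXT CLIENT_NET
# Emits one iptables command per port/protocol, restricted to CLIENT_NET.
nfs_rules() {
    cfg=$1 net=$2
    # portmapper (111) and nfsd (2049) use fixed ports on both protocols.
    for p in 111 2049; do
        for proto in tcp udp; do
            echo "iptables -A INPUT -s $net -p $proto --dport $p -j ACCEPT"
        done
    done
    printf '%s\n' "$cfg" | while IFS='=' read -r key val; do
        case $val in ''|*[!0-9]*) continue ;; esac   # skip comments, non-numeric
        case $key in
            LOCKD_TCPPORT) protos="tcp" ;;
            LOCKD_UDPPORT) protos="udp" ;;
            RQUOTAD_PORT|MOUNTD_PORT|STATD_PORT) protos="tcp udp" ;;
            *) continue ;;
        esac
        for proto in $protos; do
            echo "iptables -A INPUT -s $net -p $proto --dport $val -j ACCEPT"
        done
    done
}

# Missing pins are the failure mode: an unpinned daemon gets an arbitrary
# port from the portmapper, and no static firewall rule can match it.
missing_pins() {
    for k in RQUOTAD_PORT LOCKD_TCPPORT LOCKD_UDPPORT MOUNTD_PORT STATD_PORT; do
        printf '%s\n' "$1" | grep -q "^$k=[0-9][0-9]*\$" || echo "$k"
    done
}

nfs_rules "$SAMPLE_SYSCONFIG" 192.168.1.0/24
```

After restarting the NFS services, `rpcinfo -p` on the server shows whether the daemons actually registered on the pinned ports.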



