NFS through firewall

Craig White craigwhite at azapple.com
Fri Nov 18 14:37:15 UTC 2005


On Fri, 2005-11-18 at 09:21 -0500, James Pifer wrote:
> On Fri, 2005-11-18 at 09:36 +0000, Nigel Wade wrote:
> > James Pifer wrote:
> > > Hi. I have a server in our DMZ and I'm exporting a specific directory
> > > with NFS. I have an internal server that I want to mount it on. The
> > > internal server is allowed through the firewall without restriction.
> > > Firewall guy tells me it's wide open for this internal server, TCP and
> > > UDP. 
> > > 
> > > When I try to mount the drive I get this error:
> > > pmap_getmaps rpc problem: RPC: Unable to receive; errno = Connection
> > > reset by peer
> > > 
> > > On the server running NFS I get this:
> > > rpc.mountd: authenticated mount request from [internal_server]:680
> > > for /usr/test (/usr/test)
> > > 
> > > If I do an nmap from the internal server to the external server running
> > > I get:
> > > 
> > > (The 1648 ports scanned but not shown below are in state: closed)
> > > PORT      STATE SERVICE
> > > 22/tcp    open  ssh
> > > 80/tcp    open  http
> > > 111/tcp   open  rpcbind
> > > 443/tcp   open  https
> > > 933/tcp   open  unknown
> > > 5001/tcp  open  commplex-link
> > > 5801/tcp  open  vnc-http-1
> > > 5901/tcp  open  vnc-1
> > > 10000/tcp open  snet-sensor-mgmt
> > > 
> > > A UDP port scan seems to hang. 
> > > 
> > > If I do an rpcinfo on the external server running NFS I get:
> > > # rpcinfo -p 127.0.0.1
> > >    program vers proto   port
> > >     100000    2   tcp    111  portmapper
> > >     100000    2   udp    111  portmapper
> > >     100024    1   udp  32768  status
> > >     100024    1   tcp  32768  status
> > >     391002    2   tcp  32769  sgi_fam
> > >     100011    1   udp    930  rquotad
> > >     100011    2   udp    930  rquotad
> > >     100011    1   tcp    933  rquotad
> > >     100011    2   tcp    933  rquotad
> > >     100003    2   udp   2049  nfs
> > >     100003    3   udp   2049  nfs
> > >     100021    1   udp  32781  nlockmgr
> > >     100021    3   udp  32781  nlockmgr
> > >     100021    4   udp  32781  nlockmgr
> > >     100005    1   udp  32782  mountd
> > >     100005    1   tcp  59483  mountd
> > >     100005    2   udp  32782  mountd
> > >     100005    2   tcp  59483  mountd
> > >     100005    3   udp  32782  mountd
> > >     100005    3   tcp  59483  mountd
> > > 
> > > Any thoughts on what the problem is?
> > > 
> > > Thanks,
> > > James
> > > 
> > 
> > Check that all firewalls have been set up to allow UDP. It looks as though TCP is 
> > being allowed, but UDP is being blocked.
> > 
> > What version of the kernel are you running on the server? It's only registering 
> > NFS vers 2&3 over UDP, not TCP.
> > 
> 
> Although it took a while, it does appear that UDP is working:
> (The 1473 ports scanned but not shown below are in state: closed)
> PORT      STATE SERVICE
> 123/udp   open  ntp
> 676/udp   open  unknown
> 743/udp   open  unknown
> 2049/udp  open  nfs
> 32768/udp open  omad
> 
----
Don't you need port 111 open?

Craig
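
An added example, not part of the original messages: it cross-checks the UDP services registered in the quoted `rpcinfo -p` output against the ports the quoted nmap UDP scan listed as open. The sample data is an abridged copy of the output above, the function names are this example's own, and a port missing from the scan's list means only that the scan did not report it open.

```python
# Constructed sample: abridged from the rpcinfo -p output quoted in the thread.
RPCINFO = """\
   program vers proto   port
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100011    1   udp    930  rquotad
    100003    2   udp   2049  nfs
    100021    1   udp  32781  nlockmgr
    100005    1   udp  32782  mountd
    100005    1   tcp  59483  mountd
"""
# Constructed sample: the nmap UDP scan result quoted in the thread.
NMAP_UDP = """\
PORT      STATE SERVICE
123/udp   open  ntp
676/udp   open  unknown
743/udp   open  unknown
2049/udp  open  nfs
32768/udp open  omad
"""

def registered(rpcinfo_text):
    # Map (proto, port) -> service name for each data row of rpcinfo -p.
    out = {}
    for line in rpcinfo_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0].isdigit():
            out[(f[2], int(f[3]))] = f[4]
    return out

def open_ports(nmap_text):
    # Collect (proto, port) for every line nmap reports in state "open".
    found = set()
    for line in nmap_text.splitlines():
        f = line.split()
        if len(f) >= 2 and "/" in f[0] and f[1] == "open":
            port, proto = f[0].split("/")
            found.add((proto, int(port)))
    return found

def not_seen_open(rpcinfo_text, nmap_text, proto="udp"):
    # Registered RPC services on proto that the scan did not list as open.
    seen = open_ports(nmap_text)
    return sorted((port, svc) for (p, port), svc in registered(rpcinfo_text).items()
                  if p == proto and (p, port) not in seen)

if __name__ == "__main__":
    for port, svc in not_seen_open(RPCINFO, NMAP_UDP):
        print(f"{port}/udp {svc}: registered but not shown open in the scan")
```

With this data the portmapper on 111/udp, which the client queries first to find the other services, is among the ports the scan did not show as open.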
