With the setup you describe, I don't believe you should even be able to ping the NFS server from the clients, much less mount a volume. Try it!
The trouble is that there is no way for the NFS server to address a client; so while a packet might get to it from a client, there is no way it can send a response.
Also, I don't really understand why you want this firewall. Is the NFS box the only thing on that side? Then why not run iptables directly on the NFS box? Or are you using the "firewall" just as a NAT, to conserve IP addresses? In which case why not put the NFS server inside it?
NFS is about the least secure protocol imaginable, so firewalls are usually configured to prevent NFS flowing across them.