On Fri, 11 Apr 2008 11:19:11 -0230 Roger Mason <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I'm trying to configure the firewall on a client to allow that client
> to mount an nfs directory. The client runs a netfilter firewall, the
> server uses tcpwrapper.
>
> rpcinfo -p on the server shows:
>
> beryl rmason # rpcinfo -p
>    program vers proto   port
>     100000    2   tcp    111  portmapper
>     100000    2   udp    111  portmapper
>     100024    1   udp  32765  status
>     100024    1   tcp  32765  status
>     100003    2   udp   2049  nfs
>     100003    3   udp   2049  nfs
>     100003    2   tcp   2049  nfs
>     100003    3   tcp   2049  nfs
>     100021    1   udp   4001  nlockmgr
>     100021    3   udp   4001  nlockmgr
>     100021    4   udp   4001  nlockmgr
>     100021    1   tcp   4001  nlockmgr
>     100021    3   tcp   4001  nlockmgr
>     100021    4   tcp   4001  nlockmgr
>     100005    1   udp  32767  mountd
>     100005    1   tcp  32767  mountd
>     100005    2   udp  32767  mountd
>     100005    2   tcp  32767  mountd
>     100005    3   udp  32767  mountd
>     100005    3   tcp  32767  mountd
>
> When I try to mount the exported directory when the firewall is
> running I get a timeout:
>
> minnie ~ $ mount -v Help/
> mount: trying 134.153.37.5 prog 100003 vers 3 prot tcp port 2049
> mount: trying 134.153.37.5 prog 100005 vers 3 prot udp port 32767
> mount: mount to NFS server 'beryl.esd.mun.ca' failed: timed out
> (retrying).
>
> If I drop the client firewall the mount succeeds.
>
> Can someone help me figure out what must be put in my iptables script
> to get this to work?

Accept all incoming and outgoing connections on the client that
originate from or go to the server. It would look something like this:

    # incoming: packets from the server
    iptables -I INPUT -s 134.153.37.55 -j ACCEPT
    # outgoing: packets to the server
    iptables -I OUTPUT -d 134.153.37.55 -j ACCEPT

Now make sure those will work with your config before just blindly
setting them up!

Best of luck! Hope it works.

-- 
Dan
-- 
gentoo-user@lists.gentoo.org mailing list
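
A narrower alternative to accepting everything from the server, as an added example that is not part of the original thread: the function below turns the rpcinfo -p listing from the question into per-port rules for the client. The names sample_rpcinfo and nfs_rules are hypothetical, a default-drop policy on INPUT and OUTPUT is assumed, and the server address is the one shown in the mount -v output.

```shell
# Sample input: the rpcinfo -p listing from the question above.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp   4001  nlockmgr
    100021    3   udp   4001  nlockmgr
    100021    4   udp   4001  nlockmgr
    100021    1   tcp   4001  nlockmgr
    100021    3   tcp   4001  nlockmgr
    100021    4   tcp   4001  nlockmgr
    100005    1   udp  32767  mountd
    100005    1   tcp  32767  mountd
    100005    2   udp  32767  mountd
    100005    2   tcp  32767  mountd
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
EOF
}

# nfs_rules SERVER: read rpcinfo -p output on stdin and print, per unique
# proto/port pair, one outbound rule and one rule for the matching replies.
# The commands are only printed; nothing is applied to the firewall.
nfs_rules() {
    awk -v s="$1" '
        # skip the header and anything that is not a tcp/udp registration
        $3 !~ /^(tcp|udp)$/ || $4 !~ /^[0-9]+$/ { next }
        seen[$3 "/" $4]++ { next }   # one rule pair per proto/port
        {
            printf "iptables -A OUTPUT -d %s -p %s --dport %s -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT\n", s, $3, $4
            printf "iptables -A INPUT -s %s -p %s --sport %s -m conntrack --ctstate ESTABLISHED -j ACCEPT\n", s, $3, $4
        }'
}

# Server address as shown in the mount -v output (assumption: still current).
sample_rpcinfo | nfs_rules 134.153.37.5
```

The generated rules stay valid only while status, nlockmgr and mountd keep the ports shown in the listing. Connections that the server opens back to the client's own lock and status services are not covered.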