I'm trying to set up NFS sharing + iptables, so that I can actually access it. I'm failing to find any up-to-date/working documentation/articles. Can you explain or share a link to proper documentation? I have no nfs/iptables knowledge, and every time I decide to get rid of the iptables -F "solutions", I hit the documentation wall.
I have no idea what version of nfs I have. Attempts to use "nfsstat -s" or "nfsstat -c" do not print anything relevant.
But I assume that it will be version 4. I tried to follow (the best article/documentation I have found so far):
https://prefetch.net/blog/2010/11/02/firewalling-a-linux-nfs-server-with-iptables/
and the settings of static ports in /etc/sysconfig/nfs are ignored, and several services/systemd units are missing.
Can you recommend some reading on setting up nfs and iptables that is readable, understandable and up-to-date? If iptables is obsolete and should be disabled in favor of another, more up-to-date solution, please share how.
EDIT: in firewall-config the zone is public and nfs is among the trusted services, which "are accessible from all hosts and networks" (they are not).
rpcinfo -p
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 58868 status
100024 1 tcp 51719 status
100005 1 udp 20048 mountd
100005 1 tcp 20048 mountd
100005 2 udp 20048 mountd
100005 2 tcp 20048 mountd
100005 3 udp 20048 mountd
100005 3 tcp 20048 mountd
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
100021 1 udp 54703 nlockmgr
100021 3 udp 54703 nlockmgr
100021 4 udp 54703 nlockmgr
100021 1 tcp 35247 nlockmgr
100021 3 tcp 35247 nlockmgr
100021 4 tcp 35247 nlockmgr
I found somewhere:
firewall-cmd --permanent --add-port=2049/udp ; firewall-cmd --permanent --add-port=2049/tcp; firewall-cmd --permanent --add-port=111/udp; firewall-cmd --permanent --add-port=111/tcp
which could correlate with the ports above, but no luck, it does not work. The TV cannot connect until I do iptables -F.
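As an added example (not part of the original question, and not a fix from any answer), here is a small POSIX shell snippet that reads `rpcinfo -p` output like the listing above and derives the distinct port/protocol pairs the RPC services are actually bound to, then prints the matching `firewall-cmd` invocations instead of guessing the port list. It assumes firewalld is the active firewall, as the question's firewall-config mention suggests, and uses a constructed sample copied from the question's own rpcinfo output.

```shell
#!/bin/sh
# Added example: derive firewall port openings for an NFS server from the
# ports its RPC services really listen on (per `rpcinfo -p`), rather than
# from a hard-coded list. Nothing here changes the firewall; commands are
# only printed so they can be reviewed first.

# Constructed sample: a subset of the rpcinfo -p listing from the question.
RPCINFO_SAMPLE='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   udp    111  portmapper
    100024    1   udp  58868  status
    100005    3   tcp  20048  mountd
    100003    4   tcp   2049  nfs
    100021    4   udp  54703  nlockmgr
    100021    4   tcp  35247  nlockmgr'

# rpc_ports: read rpcinfo -p text on stdin and print unique "port/proto"
# pairs, one per line. The header row is skipped because its proto column
# does not match tcp/udp and its port column is not numeric.
rpc_ports() {
    awk '$3 ~ /^(tcp|udp)$/ && $4 ~ /^[0-9]+$/ { print $4 "/" $3 }' | sort -u
}

# firewalld_cmds: turn the pairs from stdin into firewall-cmd lines.
# (A `firewall-cmd --reload` is still needed afterwards for --permanent rules.)
firewalld_cmds() {
    rpc_ports | while IFS= read -r pair; do
        printf 'firewall-cmd --permanent --add-port=%s\n' "$pair"
    done
}

# count_sample_ports: number of distinct port/proto pairs in the sample.
count_sample_ports() {
    printf '%s\n' "$RPCINFO_SAMPLE" | rpc_ports | wc -l | tr -d ' '
}

# Stand-alone usage: generate rules from the constructed sample.
# On a real server replace the sample with: rpcinfo -p | firewalld_cmds
printf '%s\n' "$RPCINFO_SAMPLE" | firewalld_cmds
```

Note that the status, mountd and nlockmgr ports in such a listing are assigned dynamically and can change after a reboot, so a rule set generated this way is only stable if those services are pinned to fixed ports (or if clients are restricted to NFSv4, which needs only 2049/tcp).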