2015-09-14 13:11:19

by Soumya Koduri

Subject: Default ports to be used by NFS side-band protocol services (lockd, statd, rquotad)

Hi,

In the latest Linux distributions (Fedora), ports 2049 (nfs) and 20048
(mountd) are configured to be opened by default by firewalld service.

Files: '/usr/lib/firewalld/services/nfs.xml' &
'/usr/lib/firewalld/services/mountd.xml'.

We would like to know what ports could be used by default for service
daemons providing other NFS side-band protocols (NLM/NSM/RQUOTA), so
that we can define *.xml files for those services as well to be included
in firewalld if required.

Request your inputs.

Thanks,
Soumya

2015-09-14 18:22:44

by Steve Dickson

Subject: Re: Default ports to be used by NFS side-band protocol services (lockd, statd, rquotad)

Hello,

On 09/14/2015 09:11 AM, Soumya Koduri wrote:
> Hi,
>
> In the latest Linux distributions (Fedora), ports 2049 (nfs) and 20048 (mountd) are configured to be opened by default by firewalld service.
>
> Files: '/usr/lib/firewalld/services/nfs.xml' & '/usr/lib/firewalld/services/mountd.xml'.
Hmm... I didn't know about this... We should probably
set the -p 20048 by default via /etc/sysconfig/nfs file or maybe the systemd script?

>
> We would like to know what ports could be used by default for service
> daemons providing other NFS side-band protocols (NLM/NSM/RQUOTA), so
> that we can define *.xml files for those services as well to be included in
> firewalld if required.
The actual port number really does not matter, as long as it's
not a privileged port (< 1024). What matters is that the ports you assign
to the servers are actually used... Which means the default configuration
files (like /etc/sysconfig/nfs) are updated with the given port numbers.

steved.

2015-09-14 18:30:31

by Malahal Naineni

Subject: Re: Default ports to be used by NFS side-band protocol services (lockd, statd, rquotad)

Steve Dickson [[email protected]] wrote:
> Hello,
>
> On 09/14/2015 09:11 AM, Soumya Koduri wrote:
> > Hi,
> >
> > In the latest Linux distributions (Fedora), ports 2049 (nfs) and 20048 (mountd) are configured to be opened by default by firewalld service.
> >
> > Files: '/usr/lib/firewalld/services/nfs.xml' & '/usr/lib/firewalld/services/mountd.xml'.
> Hmm... I didn't know about this... We should probably
> set the -p 20048 by default via /etc/sysconfig/nfs file or maybe the systemd script?

I believe, mountd already uses /etc/services file by default. So
specifying it in /etc/services would be good. I think RHEL7 has one for
mountd. This is specific to NFSv3 anyway...


Regards, Malahal.


2015-09-15 19:15:10

by Soumya Koduri

Subject: Re: Default ports to be used by NFS side-band protocol services (lockd, statd, rquotad)



On 09/15/2015 12:00 AM, Malahal Naineni wrote:
> Steve Dickson [[email protected]] wrote:
>> Hello,
>>
>> On 09/14/2015 09:11 AM, Soumya Koduri wrote:
>>> Hi,
>>>
>>> In the latest Linux distributions (Fedora), ports 2049 (nfs) and 20048 (mountd) are configured to be opened by default by firewalld service.
>>>
>>> Files: '/usr/lib/firewalld/services/nfs.xml' & '/usr/lib/firewalld/services/mountd.xml'.
>> Hmm... I didn't know about this... We should probably
>> set the -p 20048 by default via /etc/sysconfig/nfs file or maybe the systemd script?
>
> I believe, mountd already uses /etc/services file by default. So
> specifying it in /etc/services would be good. I think RHEL7 has one for
> mountd. This is specific to NFSv3 anyway...
>

From '/etc/services' & [1], looks like port# '20048' has been
registered to be used by mountd service. Does it help if we have ports
registered for other services too then? Or is it better to keep them
dynamic and leave it to admin to choose & edit '/etc/sysconfig/nfs' file
as required.

[1] http://www.iana.org/assignments/port-numbers

Thanks,
Soumya

>
> Regards, Malahal.
>

2015-09-16 13:25:50

by Steve Dickson

Subject: Re: [Nfs-ganesha-devel] Default ports to be used by NFS side-band protocol services (lockd, statd, rquotad)



On 09/15/2015 03:15 PM, Soumya Koduri wrote:
>
>
> On 09/15/2015 12:00 AM, Malahal Naineni wrote:
>> Steve Dickson [[email protected]] wrote:
>>> Hello,
>>>
>>> On 09/14/2015 09:11 AM, Soumya Koduri wrote:
>>>> Hi,
>>>>
>>>> In the latest Linux distributions (Fedora), ports 2049 (nfs) and 20048 (mountd) are configured to be opened by default by firewalld service.
>>>>
>>>> Files: '/usr/lib/firewalld/services/nfs.xml' & '/usr/lib/firewalld/services/mountd.xml'.
>>> Hmm... I didn't know about this... We should probably
>>> set the -p 20048 by default via /etc/sysconfig/nfs file or maybe the systemd script?
>>
>> I believe, mountd already uses /etc/services file by default. So
>> specifying it in /etc/services would be good. I think RHEL7 has one for
>> mountd. This is specific to NFSv3 anyway...
>>
>
> From '/etc/services' & [1], looks like port# '20048' has been registered to be used by mountd service. Does it help if we have ports registered for other services too then? Or is it better to keep them dynamic and leave it to admin to choose & edit '/etc/sysconfig/nfs' file as required.
>
> [1] http://www.iana.org/assignments/port-numbers
>

I'm thinking it's better to leave it up to the admins...

steved.


2015-09-16 13:42:19

by Trond Myklebust

Subject: Re: [Nfs-ganesha-devel] Default ports to be used by NFS side-band protocol services (lockd, statd, rquotad)

On Wed, Sep 16, 2015 at 9:25 AM, Steve Dickson <[email protected]> wrote:
>
>
>
> On 09/15/2015 03:15 PM, Soumya Koduri wrote:
> >
> >
> > On 09/15/2015 12:00 AM, Malahal Naineni wrote:
> >> Steve Dickson [[email protected]] wrote:
> >>> Hello,
> >>>
> >>> On 09/14/2015 09:11 AM, Soumya Koduri wrote:
> >>>> Hi,
> >>>>
> >>>> In the latest Linux distributions (Fedora), ports 2049 (nfs) and 20048 (mountd) are configured to be opened by default by firewalld service.
> >>>>
> >>>> Files: '/usr/lib/firewalld/services/nfs.xml' & '/usr/lib/firewalld/services/mountd.xml'.
> >>> Hmm... I didn't know about this... We should probably
> >>> set the -p 20048 by default via /etc/sysconfig/nfs file or maybe the systemd script?
> >>
> >> I believe, mountd already uses /etc/services file by default. So
> >> specifying it in /etc/services would be good. I think RHEL7 has one for
> >> mountd. This is specific to NFSv3 anyway...
> >>
> >
> > From '/etc/services' & [1], looks like port# '20048' has been registered to be used by mountd service. Does it help if we have ports registered for other services too then? Or is it better to keep them dynamic and leave it to admin to choose & edit '/etc/sysconfig/nfs' file as required.
> >
> > [1] http://www.iana.org/assignments/port-numbers
> >
>
> I'm thinking it's better to leave it up to the admins...
>

If that is the case, is there any way to tie the ports assigned to
/etc/sysconfig/nfs etc to a set of firewall rules that open those
ports for incoming traffic? Having to adjust 2 sets of configurations
every time you want to assign a new port is a potential source of
errors.

Trond
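
One way to address the two-configurations problem raised above, as an added example that is not part of the original thread: derive the firewalld service definitions from the sysconfig port settings and report any drift between the two. The variable names (`MOUNTD_PORT`, `STATD_PORT`, `LOCKD_TCPPORT`, `LOCKD_UDPPORT`, `RQUOTAD_PORT`) and the sample file contents are assumptions; the XML comparison assumes single-port entries, not ranges.

```python
import re
import xml.etree.ElementTree as ET

# Assumed sysconfig variable names; adjust to what your distribution's file uses.
PORT_VARS = {
    "MOUNTD_PORT": ("mountd", ("tcp", "udp")),
    "STATD_PORT": ("statd", ("tcp", "udp")),
    "LOCKD_TCPPORT": ("lockd", ("tcp",)),
    "LOCKD_UDPPORT": ("lockd", ("udp",)),
    "RQUOTAD_PORT": ("rquotad", ("tcp", "udp")),
}

# Constructed sample input, not taken from any real host.
SAMPLE_SYSCONFIG = """\
# Ports pinned by the admin
MOUNTD_PORT=20048
STATD_PORT="32765"
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
#RQUOTAD_PORT=875
"""

def parse_ports(text):
    """Return {service: {(proto, port), ...}} for uncommented port variables."""
    ports = {}
    for line in text.splitlines():
        m = re.match(r'\s*([A-Z_]+)="?(\d+)"?\s*$', line)
        if not m or m.group(1) not in PORT_VARS:
            continue
        port = int(m.group(2))
        if not 1 <= port <= 65535:
            raise ValueError(f"{m.group(1)}: port {port} out of range")
        service, protos = PORT_VARS[m.group(1)]
        ports.setdefault(service, set()).update((p, port) for p in protos)
    return ports

def service_xml(service, entries):
    """Render one firewalld service definition for the given (proto, port) pairs."""
    root = ET.Element("service")
    ET.SubElement(root, "short").text = service
    for proto, port in sorted(entries):
        ET.SubElement(root, "port", protocol=proto, port=str(port))
    return ET.tostring(root, encoding="unicode")

def drift(wanted, xml_text):
    """Return (missing, stale): ports configured but not opened, opened but not configured."""
    have = {(p.get("protocol"), int(p.get("port")))
            for p in ET.fromstring(xml_text).iter("port")}
    return wanted - have, have - wanted
```

Running `drift` against the service files already installed makes a mismatch visible before it shows up as a blocked lock or quota request, and a non-empty `stale` set points at ports left open for a daemon that no longer listens there.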