From: Robert Rati <Robert.Rati@motorola.com>
Subject: NFS through firewall
Date: Mon, 03 Mar 2003 18:10:51 -0600
Sender: nfs-admin@lists.sourceforge.net
Message-ID: <3E63EF0B.2070903@motorola.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
To: nfs@lists.sourceforge.net
Errors-To: nfs-admin@lists.sourceforge.net

I am trying to provide a directory to the outside world through a 
firewall via NFS.  I can mount the directory from another system, but 
when I try to list the contents of the directory the firewall blocks the 
communication.  I see that the host system is attempting to send data on 
port 65535 using the UDP protocol.  I have the following firewall rule 
that SHOULD match it, but isn't:

/sbin/ipchains -A output -j ACCEPT -i eth0 -p udp --source-port 61000:65535

I have set the local port range to be 61000-65535.  My question is, why 
is NFS choosing port 65535 to transfer data?  Is it using the local port 
range?  I tried changing the port range and restarting the NFS daemons, 
but it still tried to use port 65535.

I know this isn't necessarily a firewall expert group, but have there 
been any issues with ipchains/2.2 kernels blocking NFS traffic on port 
65535?

Rob


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs