Setting up Ubuntu Firewall (UFW) for NFS

I use ufw as my firewall in Ubuntu.  I was recently trying to hook two Ubuntu servers together with NFS, and running into firewall problems.  Here’s how to get it working, in case you’re encountering the same problem.

1.  Start by ensuring that you have the basic NFS ports open.  These are going to be 2049 (udp/tcp) for NFS, and 111 (udp/tcp) for “sunrpc”.  You can add both of these with a straightforward ufw rule, relying on /etc/services to identify the ports.  For example, assuming that you have LCL_NET set to your local network, and only want to allow access to machines in that network:

ufw allow from ${LCL_NET} to any port nfs

ufw allow from ${LCL_NET} to any port sunrpc

2.  The next problem you have is that the rpc.mountd port is assigned randomly, unless you fix it otherwise.  So, first, edit /etc/default/nfs-kernel-server and change the line for RPCMOUNTDOPTS to be:

RPCMOUNTDOPTS=”-p 4001 -g”

Then go back to ufw and allow this port for both udp and tcp.  (I’m not including the command, as there are a few different ways to do it, and I do it in a way that’s simpler in the end, but more complex to explain at the moment.)

Finally, of course, restart ufw and nfs.

Resources:

 

Leave a Reply

Your email address will not be published. Required fields are marked *

3 + 10 =