I use ufw as my firewall in Ubuntu. I was recently trying to hook two Ubuntu servers together with NFS, and running into firewall problems. Here’s how to get it working, in case you’re encountering the same problem.
1. Start by ensuring that you have the basic NFS ports open. These are going to be 2049 (udp/tcp) for NFS, and 111 (udp/tcp) for “sunrpc”. You can add both of these with a straightforward ufw rule, relying on /etc/services to identify the ports. For example, assuming that you have LCL_NET set to your local network, and only want to allow access to machines in that network:
ufw allow from ${LCL_NET} to any port nfs
ufw allow from ${LCL_NET} to any port sunrpc
2. The next problem you have is that the rpc.mountd port is assigned randomly, unless you fix it otherwise. So, first, edit /etc/default/nfs-kernel-server and change the line for RPCMOUNTDOPTS to be:
RPCMOUNTDOPTS="-p 4001 -g"
Then go back to ufw and allow this port for both udp and tcp. (I’m not including the command, as there are a few different ways to do it, and I do it in a way that’s simpler in the end, but more complex to explain at the moment.)
Finally, of course, restart ufw and nfs.
Resources:
- Check your ports to see what’s specified, and what’s picking a random port with: rpcinfo -p
- See this page for a good brief introduction to how to solve this.
- See this page for a detailed description, including how to go after some other ports that may cause you problems.
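To make the rpcinfo -p check repeatable, the following added example (not part of the original post) lists every RPC registration whose port is not among the ports opened above. The function names, the ALLOWED_PORTS variable and the sample output are assumptions constructed for illustration; the port list mirrors 111, 2049 and the pinned mountd port 4001.

```shell
#!/bin/sh
# Added example: flag RPC services whose ports the firewall rules do not cover.
# ALLOWED_PORTS mirrors the ports opened in this post: sunrpc, nfs and the
# pinned rpc.mountd port. Adjust it if you pin other services.
ALLOWED_PORTS="111 2049 4001"

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    3   udp   4001  mountd
    100005    3   tcp   4001  mountd
    100021    4   udp  46712  nlockmgr
    100021    4   tcp  38467  nlockmgr
    100024    1   udp  51893  status
    100024    1   tcp  40213  status
EOF
}

# Reads `rpcinfo -p` output on stdin and prints "service proto port" for each
# registration whose port is not in ALLOWED_PORTS, sorted and de-duplicated.
# Anything listed here sits on a port that the ufw rules above do not open.
uncovered_rpc_ports() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Data rows start with a numeric program number; this skips the header.
        $1 ~ /^[0-9]+$/ && NF >= 4 {
            svc = (NF >= 5) ? $5 : "prog-" $1   # service name may be absent
            if (!($4 in ok)) print svc, $3, $4
        }
    ' | sort -u
}

# On a real server: rpcinfo -p | uncovered_rpc_ports
if [ "${1:-}" = "--demo" ]; then sample_rpcinfo | uncovered_rpc_ports; fi
```

An empty result means every registered RPC service is on a port you have explicitly allowed; re-run it after restarting nfs to confirm the mountd port stays fixed.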