{"id":61,"date":"2014-03-17T00:55:47","date_gmt":"2014-03-16T23:55:47","guid":{"rendered":"http:\/\/eggblog.invertedegg.com\/?p=61"},"modified":"2014-03-17T00:55:47","modified_gmt":"2014-03-16T23:55:47","slug":"setting-up-ubuntu-firewall-ufw-for-nfs","status":"publish","type":"post","link":"http:\/\/eggblog.invertedegg.com\/?p=61","title":{"rendered":"Setting up Ubuntu Firewall (UFW) for NFS"},"content":{"rendered":"

I use ufw as my firewall in Ubuntu. \u00c2\u00a0I was recently trying to hook two Ubuntu servers together with NFS, and running into firewall problems. \u00c2\u00a0Here’s how to get it working, in case you’re encountering the same problem.<\/p>\n

1. \u00c2\u00a0Start by ensuring that you have the basic NFS ports open. \u00c2\u00a0These are going to be 2049 (udp\/tcp) for NFS, and 111 (udp\/tcp) for “sunrpc”. \u00c2\u00a0You can add both of these with a straightforward ufw rule, relying on \/etc\/services to identify the ports. \u00c2\u00a0For example, assuming that you have LCL_NET set to your local network, and only want to allow access to machines in that network:<\/p>\n

ufw allow from ${LCL_NET} to any port nfs<\/p>\n

ufw allow from ${LCL_NET} to any port sunrpc<\/p><\/blockquote>\n

2. \u00c2\u00a0The next problem you have is that the rpc.mountd port is assigned randomly, unless you fix it otherwise. \u00c2\u00a0So, first, edit \/etc\/default\/nfs-kernel-server and change the line for RPCMOUNTDOPTS to be:<\/p>\n

RPCMOUNTDOPTS=”-p 4001 -g”<\/p><\/blockquote>\n

Then go back to ufw and allow this port for both udp and tcp. \u00c2\u00a0(I’m not including the command, as there are a few different ways to do it, and I do it in a way that’s simpler in the end, but more complex to explain at the moment.)<\/p>\n

Finally, of course, restart ufw and nfs.<\/p>\n

Resources:<\/p>\n