Am 18.05.20 um 16:10 schrieb Martin Wilck:
On Mon, 2020-05-18 at 15:48 +0200, Hans-Peter Jansen wrote:
I don't think portmap is able to do modify firewalld configuration. To make firewalld + nfs server work, I used a fixed port for mountd in /etc/sysconfig/nfs:
MOUNTD_OPTIONS="--port 20033"
... and opened port 20033/udp in the firewalld zone in addition to the standard nfs/nfs3/rpc-bind services.
If there's a more elegant way to achieve the same result, I'd be glad to learn about it.
I've just used nfs3, mountd, and rpc-bind services to successfully provide nfs3 shares (e.g. for vSphere hosts).
Yuck, there's a "mountd" firewalld service! I overlooked that... /me naïvely thinking that enabling "nfs3" should be enough, and not looking further.
Thanks a lot, Martin
i have not followed all here, but maybe this is the "more elegant way": (it was discussed on the opensuse mailing list 12.06.18 "firwealld and nfs ?") nfs3 has static ports, nfs dynamic ports (portmapper) if nfs3 works, and nfs not, its because susefirewall was able to work with portmapper (dynamic ports), firewalld is not able to do. you have to configure nfs to use static ports if you use firewalld. there should be a firewalld-rpcbind-helper script (it was at least 2018+2019 for tumbleweed) you could install. the process would be: save your /etc/sysconfig/nfs maybe you would like, if not already inside this file, insert: RQUOTAD_PORT="" to show what you are using: firewall-rpc-helper.py -r -p nfs-server firewall-rpc-helper.py -s mountd nlockmgr make static: firewall-rpc-helper.py --static-config -p nfs-server --non-interactive --port-config "mountd=20100 status=20200 nlockmgr=20300 rquotad=20400" to show what you have done: firewall-rpc-helper.py -l -p nfs-server gernerate new firewall rules: firewall-rpc-helper.py -p nfs-server --create-firewalld-service nfs-server-static use yast to insert this new rules, and delete the old rules: nfs + nfs3 simoN -- www.becherer.de -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org