I have to set up an NFS server. I want to protect this server with SuSEfirewall2. The question is: What ports do I have to open? Of course I have to open port 111 (udp,tcp) and 2049 (udp,tcp). But that seems not to be enough. Every time I try to connect to the server the client connects to some other (randomly chosen?) ports (608, 922, 1024, ...).

I always explicitly specify port numbers to be used by RPC services. And I prefer them to use privileged port numbers as well (so I added my own entries to /etc/services). Like:

    /sbin/rpc.portmap
    /usr/sbin/rpc.mountd --port 635
    /usr/sbin/rpc.nfsd --port 636
    domainname `cat /etc/defaultdomain`
    /usr/sbin/ypserv -p 637
    /usr/sbin/ypbind
    /usr/sbin/rpc.ypxfrd -p 638
    /usr/sbin/rpc.yppasswdd --port 639

Otherwise you have to open an unacceptable range of ports. Besides, these services are not externally exposed (yes we segment and firewall our internal network rather strictly). It's quite unlikely you would want to expose NFS and co.

Peter
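
An added example, not part of the original thread: one way to confirm that every RPC service really registered on a pinned port before writing the firewall rules is to compare `rpcinfo -p` output against the port list from the commands above. The function names and the sample listing (including the ypbind port values) are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit portmapper registrations against the pinned ports.
# 111 is the portmapper itself; 635-639 come from the commands in the reply.
ALLOWED_PORTS="111 635 636 637 638 639"

# Reads `rpcinfo -p` output on stdin and prints "service proto port" for
# every registration outside ALLOWED_PORTS. Exit status is 1 if any exist.
unpinned_rpc_services() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 !~ /^[0-9]+$/ { next }               # skip the header line
        !($4 in ok) {
            name = ($5 == "" ? "prog" $1 : $5)  # unnamed program: show its number
            key = name " " $3 " " $4
            if (!(key in seen)) { seen[key] = 1; print key; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample of `rpcinfo -p` output. ypbind was started without a
# port option, so it is shown here on portmapper-assigned ports.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    635  mountd
    100005    1   tcp    635  mountd
    100003    2   udp    636  nfs
    100004    2   udp    637  ypserv
    100004    2   tcp    637  ypserv
    100007    2   udp    922  ypbind
    100007    2   tcp    925  ypbind
    100069    1   udp    638  fypxfrd
    100009    1   udp    639  yppasswdd
EOF
}

# Demo on the sample; on a live server: rpcinfo -p localhost | unpinned_rpc_services
sample_rpcinfo | unpinned_rpc_services || echo "unpinned RPC registrations found"
```

Any line the function prints is a service the firewall rules for ports 111 and 635-639 would not cover, and whose port can change on the next restart.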