Hi list,

I have to set up an NFS server. I want to protect this server with SuSEfirewall2. The question is: what ports do I have to open? Of course I have to open port 111 (udp, tcp) and 2049 (udp, tcp). But that seems not to be enough. Every time I try to connect to the server, the client connects to some other (randomly chosen?) ports (608, 922, 1024, ...). Do I have to open a range of ports? If so, what range do I have to open?

Thanks and greetings
Florian

> I have to set up an NFS server. I want to protect this server with SuSEfirewall2. The question is: what ports do I have to open? Of course I have to open port 111 (udp, tcp) and 2049 (udp, tcp). But that seems not to be enough. Every time I try to connect to the server, the client connects to some other (randomly chosen?) ports (608, 922, 1024, ...).

I always explicitly specify port numbers to be used by RPC services. And I prefer them to use privileged port numbers as well (so I added my own entries to /etc/services). Like:

    /sbin/rpc.portmap
    /usr/sbin/rpc.mountd --port 635
    /usr/sbin/rpc.nfsd --port 636
    domainname `cat /etc/defaultdomain`
    /usr/sbin/ypserv -p 637
    /usr/sbin/ypbind
    /usr/sbin/rpc.ypxfrd -p 638
    /usr/sbin/rpc.yppasswdd --port 639

Otherwise you have to open an unacceptable range of ports. Besides, these services are not externally exposed (yes, we segment and firewall our internal network rather strictly). It's quite unlikely you would want to expose NFS and co.

Peter
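
Added example, not part of either message: a way to check which RPC registrations are still on floating ports after pinning, and to derive the per-protocol port list the firewall has to allow. The `rpcinfo -p` listing is a constructed sample, and the function names `ports_for` and `unpinned` are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output (not captured from a real host).
# mountd and nfs are pinned as in the reply above; nlockmgr and status are not.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    635  mountd
    100005    1   tcp    635  mountd
    100003    2   udp    636  nfs
    100003    2   tcp    636  nfs
    100021    1   udp  32768  nlockmgr
    100021    1   tcp  32769  nlockmgr
    100024    1   udp    922  status
EOF
}

# ports_for PROTO: read `rpcinfo -p` output on stdin and print the unique,
# numerically sorted ports registered for PROTO on one line.
ports_for() {
    awk -v proto="$1" '$4 ~ /^[0-9]+$/ && $3 == proto { print $4 }' |
        sort -n -u | tr '\n' ' ' | sed 's/ $//'
}

# unpinned "PORT PORT ...": read `rpcinfo -p` output on stdin and print
# service/proto/port for every registration whose port is not in the list.
unpinned() {
    awk -v pinned="$1" '
        BEGIN { n = split(pinned, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
        $4 ~ /^[0-9]+$/ && !($4 in ok) { print $5 "/" $3 "/" $4 }
    ' | LC_ALL=C sort -u
}

# Demo on the constructed sample; on a real server pipe `rpcinfo -p` instead.
echo "tcp: $(sample_rpcinfo | ports_for tcp)"
echo "udp: $(sample_rpcinfo | ports_for udp)"
echo "not pinned:"; sample_rpcinfo | unpinned "111 635 636"
```

Anything listed under "not pinned" is a service that will move to a different port on restart, which is why a firewall rule for only 111 and 2049 appears to work intermittently or not at all.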
participants (2): Florian Rossol, Peter van den Heuvel