From SpectLog

Suggestion

There are many NFS-associated services, which makes it impractical to memorise the corresponding port numbers when configuring a firewall.


However, it is easy to derive all required NFS ports for each protocol starting from the two keywords for the two main NFS services, rpcbind (portmapper) and nfsd (NFS), and then letting the running system enumerate the rest.

Example

Look up port numbers for rpcbind and nfsd:

shell> grep rpcbind /etc/services
sunrpc          111/tcp         portmapper rpcbind      # RPC 4.0 portmapper TCP
sunrpc          111/udp         portmapper rpcbind      # RPC 4.0 portmapper UDP
...
shell> grep nfsd /etc/services
nfs             2049/tcp        nfsd shilp      # Network File System
nfs             2049/udp        nfsd shilp      # Network File System
nfs             2049/sctp       nfsd shilp      # Network File System
...


Once the rpcbind (portmapper) and nfsd (NFS) services have started, query the registered RPC programs; the output lists every protocol and port number the firewall has to allow:

shell> rpcinfo -p
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  54173  status
    100024    1   tcp  59473  status
    100011    1   udp    875  rquotad
    100011    2   udp    875  rquotad
    100011    1   tcp    875  rquotad
    100011    2   tcp    875  rquotad
    100021    1   udp  53526  nlockmgr
    100021    3   udp  53526  nlockmgr
    100021    4   udp  53526  nlockmgr
    100021    1   tcp  45738  nlockmgr
    100021    3   tcp  45738  nlockmgr
    100021    4   tcp  45738  nlockmgr
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    2   tcp   2049  nfs_acl
    100227    3   tcp   2049  nfs_acl
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100227    2   udp   2049  nfs_acl
    100227    3   udp   2049  nfs_acl
    100005    1   udp  48448  mountd
    100005    1   tcp  56991  mountd
    100005    2   udp  55437  mountd
    100005    2   tcp  41994  mountd
    100005    3   udp  54939  mountd
    100005    3   tcp  55640  mountd


Some of these port numbers (status, nlockmgr and mountd in the output above) are assigned dynamically at start-up, so firewall rules written against one run of rpcinfo break after the next service restart. To pin them and use static firewall rules, assign values to the appropriate variables in the /etc/sysconfig/nfs configuration file (RHEL/CentOS style), for example:

RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
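
After changing /etc/sysconfig/nfs, restart the NFS services and re-run rpcinfo -p to confirm the pinned ports took effect; only then do the firewall rules stay valid across restarts. If clients use NFSv4 only, just TCP 2049 is needed, since NFSv4 carries mount and locking inside the protocol and does not depend on rpcbind, mountd, statd or nlockmgr.

The following script is an added example, not part of the original page: it reads rpcinfo -p output, de-duplicates the protocol/port pairs across program versions, flags the services still sitting on dynamic ports (which should be pinned as above), and generates iptables rules that allow those ports only from a client network. The rpcinfo output and the client subnet 192.0.2.0/24 are constructed sample data; on a real server pipe the live rpcinfo -p output into the functions instead.

```shell
#!/bin/sh
# Added example: turn `rpcinfo -p` registrations into firewall rules.
# SAMPLE_RPCINFO is constructed sample data so the script runs offline.

SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  54173  status
    100024    1   tcp  59473  status
    100011    1   udp    875  rquotad
    100011    1   tcp    875  rquotad
    100021    4   udp  53526  nlockmgr
    100021    4   tcp  45738  nlockmgr
    100003    4   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100005    3   udp  54939  mountd
    100005    3   tcp  55640  mountd'

# rpc_ports: read `rpcinfo -p` output on stdin and print one
# "proto port service" line per distinct proto/port pair. The header line
# and the repeated entries for other program versions are dropped.
rpc_ports() {
    awk 'NR > 1 && NF == 5 && !seen[$3 " " $4]++ { print $3, $4, $5 }' \
        | sort -k1,1 -k2,2n
}

# ephemeral_ports: registered services on a dynamic (>1023) port other than
# nfs/nfs_acl on 2049. These are the ones to pin in /etc/sysconfig/nfs,
# otherwise the generated rules are wrong after the next restart.
ephemeral_ports() {
    rpc_ports | awk '$2 > 1023 && $3 != "nfs" && $3 != "nfs_acl"'
}

# nfs_iptables_rules CIDR: emit one iptables ACCEPT rule per registered
# proto/port, restricted to the given client network. Everything else
# (including rpcbind on 111) stays closed to other sources.
nfs_iptables_rules() {
    cidr="$1"
    rpc_ports | while read -r proto port service; do
        printf 'iptables -A INPUT -s %s -p %s --dport %s -m comment --comment "%s" -j ACCEPT\n' \
            "$cidr" "$proto" "$port" "$service"
    done
}

# Stand-alone run on the constructed sample; replace the printf with
# `rpcinfo -p` on a live server.
printf '%s\n' "$SAMPLE_RPCINFO" | ephemeral_ports
printf '%s\n' "$SAMPLE_RPCINFO" | nfs_iptables_rules 192.0.2.0/24
```

The ephemeral_ports output on unpinned hosts is the actionable part: any service it lists will move on restart, so either pin it via /etc/sysconfig/nfs or regenerate the rules at boot after rpcbind and nfsd are up. Once pinned, the same script produces identical rules every time.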