Home / ubuntu / Questions / 103910
Accepted
JaR
Asked: 2012-02-14 10:00:48 +0800 CST

nfs is blocked by ufw even though ports are opened

  • 772

I've set up an nfsv4 server and it's working fine, however the firewall is blocking nfs even if port 2049 and 111 are open.

I know nfs uses some random ports that change at every boot, but how can i make them static so i can use nfs without disabling my firewall again?

nfs 11.04 ufw

2 Answers

  1. Best Answer

    I did some more research into this. Ubuntu is using the UFW, which is extremely easy to configure, yet very potent, at least for soho needs. So, the rpc.mountd listens on multiple ports by default thus you have to bind rpc.mountd to one port, then you can add an additional UFW rule to accept incoming connection on that particular port.

    To do so, open /etc/default/nfs-kernel-server and comment out the line

    RPCMOUNTDOPTS=--manage-gids

    and add the following line

    RPCMOUNTDOPTS="-p 13025"

    13025 is just a randomly selected port, something that is available and isn't already defined in /etc/services.

    Restart NFSd with sudo /etc/init.d/nfs-kernel-server restart

    Now configure the UFW to accept incoming connections on port 13025, 2049 and port 111.

    ufw allow from 192.168.1.0/24 to any port 111
ufw allow from 192.168.1.0/24 to any port 2049
ufw allow from 192.168.1.0/24 to any port 13025

    That's it. You should now be able to mount your exports form another machine. :-)

    • 41

  2. You don't have to do complex operations with new versions of Ubuntu. Ubuntu 18.04 ufw and nfs-kernel-server.

    Just use this command to allow nfs on your host

    sudo ufw allow from your_client_ip to any port nfs

    or

    sudo ufw allow from your_client_ip_block/24 to any port nfs
    • 4