Iptables for NFS Server ports


How to configure Linux iptables for an NFS server on CentOS, Fedora, Ubuntu, Debian and Red Hat

NFS Pre Configuration

To let NFS clients reach the NFS server, the following services must be reachable through the firewall:
a] TCP/UDP 111 – RPC 4.0 portmapper
b] TCP/UDP 2049 – NFSD (the NFS server itself)
c] The RPC helper services (rquotad, lockd, mountd, statd), whose ports are assigned dynamically unless they are pinned to static ports in /etc/sysconfig/nfs.
The port mapper assigns each of these helper services a port dynamically when the service starts.
Dynamic ports cannot be protected by a port-filtering firewall such as iptables, so we need to configure static ports for the services registered with portmap.
Edit /etc/sysconfig/nfs and add the lines below (this path is the Red Hat-family one; on Debian and Ubuntu the equivalent settings live in /etc/default/nfs-common and /etc/default/nfs-kernel-server):
# vim /etc/sysconfig/nfs
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020
Save the file and restart the services:
# service portmap restart
# service nfs restart
# service rpcsvcgssd restart

Iptables for NFS

iptables configuration for NFS
Run the following commands as root in a Linux shell. Note that the portmapper listens on port 111 (port 110 is POP3, not RPC), and NFSD on 2049 is opened for both TCP and UDP, matching the service list above. The rules are appended (-A) to the INPUT chain, so they must come before any final DROP or REJECT rule in that chain; to limit exposure, add -s <client network> to each rule so that only your NFS clients are accepted.
iptables -A INPUT -p tcp --dport 111 -j ACCEPT
iptables -A INPUT -p udp --dport 111 -j ACCEPT
iptables -A INPUT -p tcp --dport 2049 -j ACCEPT
iptables -A INPUT -p udp --dport 2049 -j ACCEPT
iptables -A INPUT -p tcp --dport 662 -j ACCEPT
iptables -A INPUT -p udp --dport 662 -j ACCEPT
iptables -A INPUT -p tcp --dport 875 -j ACCEPT
iptables -A INPUT -p udp --dport 875 -j ACCEPT
iptables -A INPUT -p tcp --dport 892 -j ACCEPT
iptables -A INPUT -p udp --dport 892 -j ACCEPT
iptables -A INPUT -p tcp --dport 32803 -j ACCEPT
iptables -A INPUT -p udp --dport 32769 -j ACCEPT
 
Now save the rules and restart iptables:
# iptables-save > /etc/sysconfig/iptables
or
# service iptables save

# service iptables restart

Alternatively, you can edit /etc/sysconfig/iptables by hand and add the lines below (again using port 111 for the portmapper and opening 2049 for both TCP and UDP):

-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p udp -m udp --dport 111 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 662 -j ACCEPT
-A INPUT -p udp -m udp --dport 662 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 875 -j ACCEPT
-A INPUT -p udp -m udp --dport 875 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 892 -j ACCEPT
-A INPUT -p udp -m udp --dport 892 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -p udp -m udp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32803 -j ACCEPT
-A INPUT -p udp -m udp --dport 32769 -j ACCEPT


Save the file and restart the service

#service iptables restart
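As an added example (not part of the original post), the following script generates the iptables rule lines from the static ports set in /etc/sysconfig/nfs and then checks them against the ports that portmap actually registered, as reported by rpcinfo -p, so a service that silently fell back to a dynamic port is noticed rather than blocked. The sample config and rpcinfo output are constructed inline so it runs offline; on a real server you would pass "$(cat /etc/sysconfig/nfs)" and "$(rpcinfo -p)" instead.

```shell
# Constructed sample of /etc/sysconfig/nfs, using the values from the post.
NFS_SYSCONFIG_SAMPLE='RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020'

# Constructed (abridged) sample of "rpcinfo -p" from a correctly set up server.
RPCINFO_SAMPLE='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100003    3   tcp   2049  nfs
    100005    3   tcp    892  mountd
    100005    3   udp    892  mountd
    100024    1   udp    662  status
    100021    4   tcp  32803  nlockmgr
    100011    2   udp    875  rquotad'

# cfg_value KEY CONFIG_TEXT: print the numeric value assigned to KEY, if any.
cfg_value() {
    printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1=\([0-9]*\).*/\1/p" | head -n 1
}

# rule PROTO PORT: one ACCEPT rule in /etc/sysconfig/iptables syntax.
rule() {
    printf '%s -p %s -m %s --dport %s -j ACCEPT\n' "-A INPUT" "$1" "$1" "$2"
}

# nfs_rules CONFIG_TEXT: print the rule set. 111 (portmapper) and 2049 (nfsd) are fixed;
# STATD_OUTGOING_PORT is a source port on outbound connections, so it gets no INPUT rule.
nfs_rules() {
    for proto in tcp udp; do rule "$proto" 111; rule "$proto" 2049; done
    for spec in RQUOTAD_PORT:tcp RQUOTAD_PORT:udp MOUNTD_PORT:tcp MOUNTD_PORT:udp \
                STATD_PORT:tcp STATD_PORT:udp LOCKD_TCPPORT:tcp LOCKD_UDPPORT:udp; do
        key=${spec%:*}; proto=${spec#*:}
        port=$(cfg_value "$key" "$1")
        [ -n "$port" ] || { echo "$key is not set in config" >&2; return 1; }
        rule "$proto" "$port"
    done
}

# unfirewalled_rpc RULES RPCINFO_OUTPUT: print each proto/port that portmap
# registered but no rule in RULES accepts; empty output means all are covered.
unfirewalled_rpc() {
    printf '%s\n' "$2" | awk 'NR > 1 && NF == 5 { print $3, $4, $5 }' |
    while read -r proto port svc; do
        printf '%s\n' "$1" | grep -q -- "-p $proto -m $proto --dport $port -j ACCEPT" \
            || printf '%s/%s %s\n' "$proto" "$port" "$svc"
    done
}
```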