How to get NFS working with Ubuntu-CE-Firewall

We are going to bind nlockmgr and mountd to specific port numbers to be able to run them through a iptables firewall. This is specific for the Ubuntu_CE_Firewall, however if you have a iptables firewall it should be the similar, however step 4 will have to be modified to fit your needs.

1. edit /etc/init.d/nfs-kernel-server:

sudo gedit /etc/init.d/nfs-kernel-server

when it opens look for this line: RPCMOUNTDOPTS= and change it to this: RPCMOUNTDOPTS="-p 32767" the port number can be whatever you want, but it has to be opened in the ubuntu_ce_firewall.

2. edit /etc/modprobe.d/options.conf

sudo gedit /etc/modprobe.d/options.conf

you need to add this line: options lockd nlm_udpport=4045 nlm_tcpport=4045 again the port number can be whatever you want.

3. add lockd to the startup modules

sudo gedit /etc/modules

and add this line, make sure it is on it's own line. lockd '

4. Edit firewall

sudo gedit /etc/init.d/ubuntu_ce_firewall

You will need to add this section or edit it if already exists:

  • # Open ports for NSF start

    /sbin/iptables -A INPUT -p tcp --dport 111 -m state --state NEW -j ACCEPT
    /sbin/iptables -A INPUT -p udp --dport 111 -m state --state NEW -j ACCEPT
    /sbin/iptables -A INPUT -p tcp --dport 2049 -m state --state NEW -j ACCEPT
    /sbin/iptables -A INPUT -p udp --dport 2049 -m state --state NEW -j ACCEPT
    /sbin/iptables -A INPUT -p tcp --dport 4045 -m state --state NEW -j ACCEPT
    /sbin/iptables -A INPUT -p udp --dport 4045 -m state --state NEW -j ACCEPT
    /sbin/iptables -A INPUT -p tcp --dport 32767 -m state --state NEW -j ACCEPT
    /sbin/iptables -A INPUT -p udp --dport 32767 -m state --state NEW -j ACCEPT

    # Open ports for NSF end

The bold numbers in the firewall rules must agree with the numbers you chose above in section 1 and 2. You can edit these numbers to your liking, but there are some kind of restrictions, and I'm not sure what they are. I assume it can't be a used port.

5. Reboot

Now simple reboot. It is easier than trying to get all these services to restart. After rebooting to check and make sure you numbers agree with the bold numbers above you can run:

rpcinfo -p


The output of this will give you all the used ports. The nlockmgr and mountd ports should match your numbers you selected.

Credits:
shane2peru
DaneM on launchpad bug reports
David_KT on ubuntuforums


CategoryCategory

How to get NFS working with Ubuntu-CE-Firewall (last edited 2009-09-16 18:57:27 by shane-rices4peru)