NFS Services Administrator's Guide (762805-001, March 2014)

Shared NFS directories can be accessed across a firewall in the following ways:
• Sharing directories across a firewall without fixed port numbers
• Sharing directories across a firewall using fixed port numbers in the /etc/default/nfs file
• Sharing directories across a firewall using the NFSv4 protocol
• Sharing directories across a firewall using the WebNFS feature
Sharing directories across a firewall without fixed port numbers (NFSv2 and NFSv3)
This is the default method of sharing directories across a firewall. In this method, the rpc.statd
and rpc.mountd daemons do not run on fixed ports. The ports used by these daemons are
assigned from the anonymous port range. By default, the anonymous port range is configured
between 49152 and 65535.
The rpc.lockd daemon runs at port 4045 and is not configurable. To determine the port numbers
currently used by rpc.statd and rpc.mountd daemons, run the rpcinfo -p command, and
configure the firewall accordingly.
For example, to determine the port numbers, enter the following command:
rpcinfo -p
Output similar to the following is displayed:
   program vers proto   port  service
    100024    1   udp  49157  status
    100024    1   tcp  49152  status
    100021    2   tcp   4045  nlockmgr
    100021    3   udp   4045  nlockmgr
    100005    3   udp  49417  mountd
    100005    3   tcp  49259  mountd
    100003    2   udp   2049  nfs
    100003    3   tcp   2049  nfs
Each time the rpc.statd and rpc.mountd daemons are stopped and restarted, they may be
assigned a different port from the anonymous port range. The firewall must be reconfigured each
time the NFS service is restarted.
For example, if the NFS service or the rpc.statd and rpc.mountd daemons are restarted, run
the rpcinfo -p command to view the new port numbers.
Output similar to the following is displayed:
   program vers proto   port  service
    100024    1   tcp  49154  status
    100024    1   udp  49161  status
    100021    3   tcp  49156  nlockmgr
    100021    3   udp  49163  nlockmgr
    100005    3   udp  49181  mountd
    100005    3   tcp  49181  mountd
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
Configure the firewall based on the new port numbers.
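The following shell functions are an added example, not part of the original guide. They reduce rpcinfo -p output to the protocol/port pairs a firewall has to permit, and compare two listings to show which rules no longer match a registered NFS service and which are now required. The function names are hypothetical, and the sample data are the two listings shown above.

```shell
#!/bin/sh
# Sample data: the two "rpcinfo -p" listings shown above (before and after a restart).
BEFORE='program vers proto port service
100024 1 udp 49157 status
100024 1 tcp 49152 status
100021 2 tcp 4045 nlockmgr
100021 3 udp 4045 nlockmgr
100005 3 udp 49417 mountd
100005 3 tcp 49259 mountd
100003 2 udp 2049 nfs
100003 3 tcp 2049 nfs'
AFTER='program vers proto port service
100024 1 tcp 49154 status
100024 1 udp 49161 status
100021 3 tcp 49156 nlockmgr
100021 3 udp 49163 nlockmgr
100005 3 udp 49181 mountd
100005 3 tcp 49181 mountd
100003 3 udp 2049 nfs
100003 3 tcp 2049 nfs'

# Read "rpcinfo -p" output on stdin; print one "proto/port service" line for each
# distinct endpoint of nfs, mountd, nlockmgr and status (the header line is skipped).
nfs_ports() {
    awk '($1 == 100003 || $1 == 100005 || $1 == 100021 || $1 == 100024) &&
         $4 ~ /^[0-9]+$/ { print $3 "/" $4, $5 }' | LC_ALL=C sort -u
}

# Print every line of list $1 that is absent from list $2, prefixed with $3.
only_in() {
    printf '%s\n' "$1" | while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        printf '%s\n' "$2" | grep -qxF -- "$rule" || echo "$3 $rule"
    done
}

# $1 = listing the firewall rules were built from, $2 = current listing.
# "stale": the rule no longer matches a registered NFS service and should be removed.
# "new":   a registered NFS endpoint that has no rule yet.
port_drift() {
    old=$(printf '%s\n' "$1" | nfs_ports)
    new=$(printf '%s\n' "$2" | nfs_ports)
    only_in "$old" "$new" stale
    only_in "$new" "$old" new
}

port_drift "$BEFORE" "$AFTER"
```

On a live server, save the output of rpcinfo -p when the firewall rules are written and pass it as the first argument, with the current output as the second. Removing the stale entries matters as much as adding the new ones, because an anonymous-range port left open may later be assigned to an unrelated service.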
Sharing directories across a firewall using fixed port numbers in the nfs file
Using the /etc/default/nfs file enables you to specify fixed port numbers for the rpc.statd
and rpc.mountd daemons. The rpc.lockd daemon runs at port 4045 and is not configurable.
To set the port numbers using the /etc/default/nfs file, follow these steps:
1. Assign values to the variables STATD_PORT and MOUNTD_PORT, as follows:
STATD_PORT = port_number
MOUNTD_PORT = port_number
NFS4CBD_PORT = port_number