NFS Services Administrator's Guide
Configuring and Administering NFS Services
Configuring and Administering an NFS Server
Accessing Shared NFS Directories across a Firewall
To access shared NFS directories across a firewall, you must configure
the firewall based on the ports that the NFS service daemons listen on.
To access NFS directories, the following daemons are required: rpcbind,
nfsd, rpc.lockd, rpc.statd, and rpc.mountd. The rpcbind daemon
uses a fixed port, 111, and the nfsd daemon uses 2049 as its default port.
To configure the firewall, you must know the port numbers of the other
NFS daemons, to ensure that the NFS client requests are not denied.
NOTE: This section does not document how to configure a firewall. This section
documents the considerations to keep in mind while sharing a directory
across a firewall.
Shared NFS directories can be accessed across a firewall in the following
ways:
• Sharing directories across a firewall without fixed port numbers
• Sharing directories across a firewall using fixed port numbers in the
/etc/default/nfs file
• Sharing directories across a firewall using the NFSv4 protocol
• Sharing directories across a firewall using the WebNFS feature
Sharing directories across a firewall without fixed port numbers (NFSv2 and NFSv3)
This is the default method of sharing directories across a firewall. In this
method, the rpc.statd and rpc.mountd daemons do not run on fixed
ports. The ports used by these daemons are assigned from the
anonymous port range. By default, the anonymous port range is
configured between 49152 and 65535.
The rpc.lockd daemon runs on port 4045 by default. To change the port
on which it runs, modify the lockd entry in the /etc/services file and
restart the daemon. To determine the port numbers currently used by
the rpc.statd and rpc.mountd daemons, run the rpcinfo -p command,
and configure the firewall accordingly.
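The following is an added example, not part of the original guide: a shell function that reduces rpcinfo -p output to the unique daemon, protocol, and port entries a firewall must allow, and marks ports inside the default anonymous range (49152 to 65535) as dynamic, that is, not fixed. The sample output is constructed, and the function names (sample_rpcinfo, nfs_firewall_ports, dynamic_ports) are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   tcp    111  rpcbind
    100000    2   udp    111  rpcbind
    100024    1   tcp  49153  status
    100024    1   udp  49157  status
    100021    1   tcp   4045  nlockmgr
    100021    4   udp   4045  nlockmgr
    100003    2   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   udp  49160  mountd
    100005    3   tcp  49161  mountd
EOF
}

# Reads `rpcinfo -p` output on stdin and prints "daemon proto port class",
# one line per unique combination. Optional arguments override the
# anonymous port range (default 49152 65535, as stated in the guide).
nfs_firewall_ports() {
    lo=${1:-49152}; hi=${2:-65535}
    awk -v lo="$lo" -v hi="$hi" '
        BEGIN {
            # Standard RPC program numbers for the daemons NFS needs.
            name[100000] = "rpcbind";    name[100003] = "nfsd"
            name[100005] = "rpc.mountd"; name[100021] = "rpc.lockd"
            name[100024] = "rpc.statd"
        }
        # Data rows start with a numeric program number; the header does not.
        $1 ~ /^[0-9]+$/ && ($1 in name) && $4 ~ /^[0-9]+$/ {
            key = name[$1] " " $3 " " $4
            if (!(key in seen)) {          # collapse multiple RPC versions
                seen[key] = 1
                cls = ($4 + 0 >= lo + 0 && $4 + 0 <= hi + 0) ? "dynamic" : "fixed"
                print key, cls
            }
        }
    ' | LC_ALL=C sort
}

# Prints only the entries whose port comes from the anonymous range.
dynamic_ports() { nfs_firewall_ports "$@" | awk '$4 == "dynamic"'; }

# Demo on the constructed sample; on a live system, pipe `rpcinfo -p` instead.
sample_rpcinfo | nfs_firewall_ports
```

Entries reported as dynamic are the ones a static firewall rule cannot track reliably, so they should be rechecked whenever the daemons restart.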
For example, to determine the port numbers, enter the following
command: