How to configure Linux iptables for an NFS server on CentOS, Fedora, Ubuntu, Debian and Red Hat Linux
NFS Pre Configuration
To allow NFS clients to reach the NFS server, the firewall must permit the following services:
a] TCP/UDP 111 – RPC 4.0 portmapper
b] TCP/UDP 2049 – NFSD (NFS server)
c] Static ports for the remaining RPC services (rquotad, lockd, mountd, statd) – normally assigned dynamically, pinned to fixed ports in /etc/sysconfig/nfs.
The port mapper assigns each RPC-based NFS service a port dynamically when the service starts.
Dynamic ports cannot be protected by a port-filtering firewall such as iptables, because the rule set has no way of knowing which port will be chosen.
So we need to configure static ports for these services.
Edit /etc/sysconfig/nfs and add the lines below:
#vim /etc/sysconfig/nfs
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020
Save the file and restart the services:
# service portmap restart
# service nfs restart
# service rpcsvcgssd restart
Iptables for NFS
iptables configuration for NFS
Run the following commands in a Linux shell (port 111 is the portmapper listed above):
iptables -A INPUT -p tcp --dport 111 -j ACCEPT
iptables -A INPUT -p udp --dport 111 -j ACCEPT
iptables -A INPUT -p tcp --dport 2049 -j ACCEPT
iptables -A INPUT -p tcp --dport 662 -j ACCEPT
iptables -A INPUT -p udp --dport 662 -j ACCEPT
iptables -A INPUT -p tcp --dport 875 -j ACCEPT
iptables -A INPUT -p udp --dport 875 -j ACCEPT
iptables -A INPUT -p tcp --dport 892 -j ACCEPT
iptables -A INPUT -p udp --dport 892 -j ACCEPT
iptables -A INPUT -p tcp --dport 32803 -j ACCEPT
iptables -A INPUT -p udp --dport 32769 -j ACCEPT
Now save the rules and restart iptables:
# iptables-save > /etc/sysconfig/iptables
or
#service iptables save
#service iptables restart
Alternatively, you can edit /etc/sysconfig/iptables by hand and add the lines below (port 111 is the portmapper):
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p udp -m udp --dport 111 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 662 -j ACCEPT
-A INPUT -p udp -m udp --dport 662 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 875 -j ACCEPT
-A INPUT -p udp -m udp --dport 875 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 892 -j ACCEPT
-A INPUT -p udp -m udp --dport 892 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32803 -j ACCEPT
-A INPUT -p udp -m udp --dport 32769 -j ACCEPT
Save the file and restart the service:
#service iptables restart
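The rules above are easy to get out of sync with /etc/sysconfig/nfs, and as written they accept NFS traffic from any source. The script below is an added example, not part of the original page: it reads the static-port settings in the format shown above and emits matching /etc/sysconfig/iptables lines, restricted to one client network (the 192.168.1.0/24 network and the config text are constructed sample values).

```shell
#!/bin/sh
# Constructed sample of the static-port lines from /etc/sysconfig/nfs.
NFS_SYSCONFIG_SAMPLE='RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020'

# Print one iptables-save style ACCEPT rule: $1 = proto, $2 = port.
# NFS_NET is the only client network allowed to reach the NFS server.
emit_rule() {
    printf '%s\n' "-A INPUT -s $NFS_NET -p $1 -m $1 --dport $2 -j ACCEPT"
}

# Generate the full NFS rule set.
# $1 = client network (CIDR), $2 = contents of /etc/sysconfig/nfs.
nfs_rules() {
    NFS_NET="$1"
    # Fixed ports: portmapper (111, both protocols) and nfsd (2049, tcp).
    emit_rule tcp 111
    emit_rule udp 111
    emit_rule tcp 2049
    # Static ports pinned in the config. LOCKD_* are protocol-specific;
    # rquotad, mountd and statd listen on both tcp and udp.
    # STATD_OUTGOING_PORT is a source port for outbound calls, so no
    # INPUT rule is generated for it.
    printf '%s\n' "$2" | while IFS='=' read -r key val; do
        case "$key" in
            RQUOTAD_PORT|MOUNTD_PORT|STATD_PORT) emit_rule tcp "$val"; emit_rule udp "$val" ;;
            LOCKD_TCPPORT) emit_rule tcp "$val" ;;
            LOCKD_UDPPORT) emit_rule udp "$val" ;;
        esac
    done
}

# Example run: append the output to /etc/sysconfig/iptables ahead of the
# chain's final REJECT/DROP rule, then restart iptables.
nfs_rules 192.168.1.0/24 "$NFS_SYSCONFIG_SAMPLE"
```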