- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: NFS ports HPUX 11.23
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-18-2009 05:00 PM
тАО02-18-2009 05:00 PM
I'm getting troubles when configure nfs, I must use static ports cause between my server and some clients there is a firewall. I have alread read this doc:
http://docs.hp.com/en/B9901-90042/ch12s02.html
I've applied the recommended patch PHNE_38252, and added the next lines into the /etc/rc.config.d/nfsconf
STATD_PORT=65534
MOUNTD_PORT=65535
LOCKD_PORT=4045
after reboot the rpcinfo is correct:
uilnsx01:root> rpcinfo -p
program vers proto port service
100000 4 tcp 111 rpcbind
100000 3 tcp 111 rpcbind
100000 2 tcp 111 rpcbind
100000 4 udp 111 rpcbind
100000 3 udp 111 rpcbind
100000 2 udp 111 rpcbind
100024 1 udp 65534 status
100024 1 tcp 65534 status
100020 1 udp 4045 llockmgr
100020 1 tcp 4045 llockmgr
100021 1 udp 4045 nlockmgr
100021 3 udp 4045 nlockmgr
100021 4 udp 4045 nlockmgr
100021 1 tcp 4045 nlockmgr
100021 3 tcp 4045 nlockmgr
100021 4 tcp 4045 nlockmgr
100021 2 tcp 4045 nlockmgr
390113 1 tcp 7937
100005 1 udp 65535 mountd
100005 3 udp 65535 mountd
100005 1 tcp 65535 mountd
100005 3 tcp 65535 mountd
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
but the nfs service is still trying to use another ports, here the evidence on the firewall:
Feb 18 16:04:14 hnsqbkuprtb03 8463265: .Feb 18 16:04:13 EST: %SEC-6-IPACCESSLOGP: list 2000 DENIED udp 172.22.15.14(625) -> 172.22.4.89(65535), 1 packet
Feb 18 16:04:14 hnsqbkuprtb03 8463263: .Feb 18 16:04:13 EST: %SEC-6-IPACCESSLOGP: list 2000 PERMITED udp 172.22.15.12(54007) -> 172.22.4.89(65535), 1 packet
Feb 18 16:04:14 hnsqbkuprtb03 8463261: .Feb 18 16:04:13 EST: %SEC-6-IPACCESSLOGP: list 2000 DENIED udp 172.22.15.12(846) -> 172.22.4.89(65535), 1 packet
where 172.22.4.89 is the server, and the other ip addresses are the clients
I appreciate any suggestion.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-18-2009 08:05 PM
тАО02-18-2009 08:05 PM
Re: NFS ports HPUX 11.23
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-18-2009 10:31 PM
тАО02-18-2009 10:31 PM
Re: NFS ports HPUX 11.23
I have no idea what firewall you're using or what firewall rules you've established. All I can do is make a guess based on what you said works and what fails:
DENIED udp 172.22.15.14(625) -> 172.22.4.89(65535)
>>>> PERMITED udp 172.22.15.12(54007) -> 172.22.4.89(65535)
DENIED udp 172.22.15.12(846) -> 172.22.4.89(65535)
It denied inbound packets to port 65535 that originated from remote ports in the reserved port range (625 and 846). It allowed an inbound packet to port 65535 that originated from a remote port in the anonymous range (54007).
Are you sure you don't have a firewall rule about allowing or denying packets from the reserved port range?
Regards,
Dave
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-19-2009 07:16 AM
тАО02-19-2009 07:16 AM
Re: NFS ports HPUX 11.23
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-19-2009 07:22 AM
тАО02-19-2009 07:22 AM
Solution> still generating packets in different ports??
All you're configuring with the static port number enhancement is the port number that the server daemons will listen on. You have no control over the port numbers used on the remote NFS client systems contacting these daemons.
If you DENY access from reserved ports to these daemons you will likely never get NFS to work because most NFS client implementations use reserved ports either when mounting, locking, or accessing NFS files.
Dave
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-19-2009 07:39 AM
тАО02-19-2009 07:39 AM
Re: NFS ports HPUX 11.23
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-19-2009 07:44 AM
тАО02-19-2009 07:44 AM
Re: NFS ports HPUX 11.23
The other daemons, statd, mountd, lockd, and rquotad, will normally move around to the first available port they are informed of by the portmapper.
As Dave suggested,you always will not have control on the clients port numbers during communication.
If I were you, I would give a try by setting port numbers for statd and lockd , the daemons which are to be running on the nfs client.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-19-2009 07:50 AM
тАО02-19-2009 07:50 AM
Re: NFS ports HPUX 11.23
No.
You can specify the port numbers that lockd, statd, mountd will *listen for requests on*, just as you have with the server side, but you cannot control which port numbers the actual lock/mount/nfs requests will come from. Those are typically assigned randomly from either the reserved pool (for some operations) or the anonymous pool (for some operations). I know of no way to configure specific ports for these requests.
Dave
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-20-2009 06:33 AM
тАО02-20-2009 06:33 AM
Re: NFS ports HPUX 11.23
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-20-2009 06:40 AM
тАО02-20-2009 06:40 AM
Re: NFS ports HPUX 11.23
I dont see any issue opening up client ports > 1023.
The option is to use tape drive on each client and perform ignite operations locally.