Gary Yu
Super Advisor

NFS across firewall

Hi all,

We have an NFS client server in the DMZ, and it will access the NFS server in the local network through a firewall; both servers are running HP-UX 11.0. We have opened ports 111 and 2049 (UDP and TCP) on the firewall for rpcbind and nfsd, but it seems that a random UDP port on the NFS server is still needed for "rpc.mount", i.e. the output from lsof shows:
rpc.mount 1137 root 3u inet 72,0x73 0t0 UDP *:49236 (Idle)

The problem is, since this UDP port is randomly allocated, it's hard to set firewall rules to let it pass. Has anyone else had similar problems? Thank you for sharing your experience.

Gary
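The port in the lsof line above is random because rpc.mountd does not listen on a fixed port: it registers whatever port it got with rpcbind (port 111), and a client must first ask rpcbind for it before it can send MOUNT requests. The example below is an added illustration written for this page, not code from the thread or from HP-UX; it encodes the PMAPPROC_GETPORT query a client sends to rpcbind and decodes the reply, so you can see on the wire which port mountd has been given at any moment (and therefore which port the firewall would have to admit). The program numbers (100003 for nfs, 100005 for mountd) are the standard Sun RPC assignments; the reply used in the offline check is constructed here and reuses the port number from the lsof output as sample data. The live `getport()` call at the bottom is the only part that touches the network.

```python
import os
import socket
import struct

# Standard Sun RPC program numbers (RFC 5531 registry).
PMAP_PROG = 100000    # rpcbind / portmapper, always on port 111
NFS_PROG = 100003     # nfsd, conventionally fixed on port 2049
MOUNT_PROG = 100005   # rpc.mountd, registered on an ephemeral port

PMAPPROC_GETPORT = 3  # "which port is program X, version Y, protocol Z on?"
IPPROTO_TCP = 6
IPPROTO_UDP = 17

MSG_CALL, MSG_REPLY = 0, 1
MSG_ACCEPTED = 0
ACCEPT_SUCCESS = 0
AUTH_NONE = 0


def build_getport_call(xid, prog, vers, proto):
    """Encode a PMAPPROC_GETPORT call. Every field is an XDR big-endian
    32-bit integer: RPC header, null credentials, null verifier, then the
    mapping (prog, vers, proto, port) whose port field is ignored in a query."""
    header = struct.pack(">6I", xid, MSG_CALL, 2, PMAP_PROG, 2, PMAPPROC_GETPORT)
    cred = struct.pack(">2I", AUTH_NONE, 0)   # flavor, body length
    verf = struct.pack(">2I", AUTH_NONE, 0)
    args = struct.pack(">4I", prog, vers, proto, 0)
    return header + cred + verf + args


def parse_getport_reply(data, xid):
    """Decode a GETPORT reply. Returns the registered port (0 means the
    program is not registered for that protocol) or raises ValueError if the
    reply is not ours, was rejected, or is malformed."""
    if len(data) < 28:
        raise ValueError("reply too short")
    r_xid, msg_type, reply_stat = struct.unpack(">3I", data[:12])
    if r_xid != xid:
        raise ValueError("xid mismatch: reply is not for our request")
    if msg_type != MSG_REPLY or reply_stat != MSG_ACCEPTED:
        raise ValueError("RPC call denied by rpcbind")
    _verf_flavor, verf_len = struct.unpack(">2I", data[12:20])
    off = 20 + ((verf_len + 3) & ~3)          # verifier body is padded to 4 bytes
    if len(data) < off + 8:
        raise ValueError("reply truncated")
    accept_stat, port = struct.unpack(">2I", data[off:off + 8])
    if accept_stat != ACCEPT_SUCCESS:
        raise ValueError("rpcbind accept_stat=%d" % accept_stat)
    return port


def build_getport_reply(xid, port):
    """Encode a minimal successful reply; used only to exercise the parser
    offline with constructed data."""
    return (struct.pack(">3I", xid, MSG_REPLY, MSG_ACCEPTED)
            + struct.pack(">2I", AUTH_NONE, 0)
            + struct.pack(">2I", ACCEPT_SUCCESS, port))


def getport(host, prog, vers, proto, timeout=3.0):
    """Live query of rpcbind on host:111 over UDP (requires port 111 to be
    reachable through the firewall, as in the original post)."""
    xid = struct.unpack(">I", os.urandom(4))[0]
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.sendto(build_getport_call(xid, prog, vers, proto), (host, 111))
        data, _peer = s.recvfrom(1024)
    finally:
        s.close()
    return parse_getport_reply(data, xid)


if __name__ == "__main__":
    import sys
    server = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for name, prog, vers in (("nfsd", NFS_PROG, 3), ("mountd", MOUNT_PROG, 3)):
        for pname, proto in (("udp", IPPROTO_UDP), ("tcp", IPPROTO_TCP)):
            try:
                print(name, pname, getport(server, prog, vers, proto))
            except (OSError, ValueError) as e:
                print(name, pname, "error:", e)
```

Running this against the NFS server from the DMZ host shows exactly the port that the firewall rule would need to cover, and re-running it after a mountd restart shows why a static rule for that port does not hold. Note that mountd only serves the MOUNT protocol (mount, umount, export list); once the file handle has been obtained, read and write traffic goes to nfsd on 2049, which is why the mount keeps working after the mountd port is closed but a fresh mount or umount will fail.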
Gary Yu
Super Advisor

Re: NFS across firewall

After doing some searching on the forum, it seems it's mission impossible :(
So don't bother, thanks guys...
Gary
Steven E. Protter
Exalted Contributor
Solution

Re: NFS across firewall

The problem is that with NFS v3 there is a random port in the 10,000 range that needs to be open. I believe NFS v4 provides a methodology for getting around this.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Gary Yu
Super Advisor

Re: NFS across firewall

Thanks Steven, is it easy to upgrade NFS to v4.0? I don't have such documentation on hand...

thanks,
Gary
Geoff Wild
Honored Contributor

Re: NFS across firewall

Have a look at running NFS over TCP only:

http://www.interex.org/pubcontent/enterprise/sep00/14mcneal.html

-o proto=tcp

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Gary Yu
Super Advisor

Re: NFS across firewall

Thanks guys,
One more question regarding this issue:
Is rpc.mountd only active (or being used) during the initial mount? I mean, I found that after I opened the 49xxx port for rpc.mountd and mounted the NFS file system, I then closed that port on the firewall, but I can still read/write the NFS file system on the clients without any problem.
So the question is, after the initial mount, is it possible to close the port on the firewall?

thanks,
Gary
RAC_1
Honored Contributor

Re: NFS across firewall

NFS through a particular port was not possible until some time back. With the new version, it is possible. There was a mention of this from Dave Olker. Search the forum for his posts and you will find it. The one thing that I do not remember is "Is that available for 11.0?"

I am sure that it is there for 11.23.

With the new NFS, it was possible to do a forceful unmount of an NFS mount and run it over a particular port.

Anil
There is no substitute to HARDWORK
Andrew Cowan
Honored Contributor

Re: NFS across firewall

Hi Gary,

I answered another very similar enquiry today, and the only solution that I am aware of is to use IPsec to tunnel NFS through. This will be totally transparent to all applications once set up, and will allow you to route other traffic over the link without having to modify your firewall configuration.