{{tag>Brouillon NFS CA}}

= NFS - Running NFSv3 behind a firewall

Source: http://underpop.online.fr/l/linux/en/centos/s2-sysconfig-nfs.htm

NFS requires portmap/rpcbind, which dynamically assigns ports for RPC services. This makes it difficult to write firewall rules. To overcome this problem, use the ''/etc/sysconfig/nfs'' file to control which ports the required RPC services run on.

// Deprecate /etc/sysconfig/nfs and only use /etc/nfs.conf to configure NFS daemons //

The ''/etc/sysconfig/nfs'' file may not exist by default on all systems. If it does not exist, create it and add the following variables (alternatively, if the file exists, uncomment and change the default entries as required):

''MOUNTD_PORT=x'' \\
Controls which TCP and UDP port mountd (rpc.mountd) uses. Replace x with an unused port number.

''STATD_PORT=x'' \\
Controls which TCP and UDP port status (rpc.statd) uses. Replace x with an unused port number.

''LOCKD_TCPPORT=x'' \\
Controls which TCP port nlockmgr (rpc.lockd) uses. Replace x with an unused port number.

''LOCKD_UDPPORT=x'' \\
Controls which UDP port nlockmgr (rpc.lockd) uses. Replace x with an unused port number.

If NFS fails to start, check ''/var/log/messages''. Normally, NFS will fail to start if you specify a port number that is already in use. After editing ''/etc/sysconfig/nfs'', restart the NFS service by running the ''service nfs restart'' command. Run the ''rpcinfo -p'' command to confirm the changes.

To configure a firewall to allow NFS:

  - Allow TCP and UDP port 2049 for NFS.
  - Allow TCP and UDP port 111 (portmap/sunrpc).
  - Allow the TCP and UDP port specified with ''MOUNTD_PORT="x"''
  - Allow the TCP and UDP port specified with ''STATD_PORT="x"''
  - Allow the TCP port specified with ''LOCKD_TCPPORT="x"''
  - Allow the UDP port specified with ''LOCKD_UDPPORT="x"''
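The ''rpcinfo -p'' confirmation step can be turned into a repeatable check that compares each registered port with the value pinned in ''/etc/sysconfig/nfs'', so a service still on a dynamic port is caught before the firewall rules are written. This is an added example, not from the source page; the function names ''conf_port'' and ''check_nfs_ports'' are hypothetical, and the port numbers and ''rpcinfo'' output are constructed sample data.

```shell
#!/bin/sh
# Added example; the sample config and rpcinfo output below are constructed.
# conf_port FILE VAR: print the numeric value of an uncommented VAR=... line.
conf_port() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([0-9][0-9]*\)[\"']\{0,1\}[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# check_nfs_ports CONF RPCINFO_FILE: one line per service/protocol; returns 1 on any gap.
check_nfs_ports() {
    conf=$1; rpc=$2; rc=0
    for spec in mountd:tcp:MOUNTD_PORT mountd:udp:MOUNTD_PORT \
                status:tcp:STATD_PORT status:udp:STATD_PORT \
                nlockmgr:tcp:LOCKD_TCPPORT nlockmgr:udp:LOCKD_UDPPORT; do
        svc=${spec%%:*}; rest=${spec#*:}; proto=${rest%%:*}; var=${rest#*:}
        want=$(conf_port "$conf" "$var")
        # rpcinfo -p columns: program vers proto port service
        got=$(awk -v s="$svc" -v p="$proto" '$5 == s && $3 == p { print $4 }' "$rpc" |
              sort -un | tr '\n' ' ')
        got=${got% }
        if [ -z "$want" ]; then
            echo "UNPINNED $svc/$proto ($var not set)"; rc=1
        elif [ "$got" = "$want" ]; then
            echo "OK $svc/$proto $want"
        else
            echo "MISMATCH $svc/$proto want=$want got=${got:-none}"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: STATD_PORT left commented out, lockd UDP on a stray port.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/nfs" <<'EOF'
MOUNTD_PORT="892"
#STATD_PORT=662
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
EOF
cat > "$tmp/rpcinfo" <<'EOF'
   program vers proto   port  service
    100005    1   udp    892  mountd
    100005    1   tcp    892  mountd
    100024    1   udp  40123  status
    100024    1   tcp  51022  status
    100021    1   udp  45678  nlockmgr
    100021    1   tcp  32803  nlockmgr
EOF
check_nfs_ports "$tmp/nfs" "$tmp/rpcinfo" || echo "firewall rules and running services disagree"
```

On a live server, pass ''/etc/sysconfig/nfs'' and a file holding the saved output of ''rpcinfo -p'' instead of the sample files.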