[Shorewall-users] which ports for NFS shares

Tom Eastep teastep@shorewall.net
Wed, 23 Jan 2002 07:18:11 -0800

Hi Goetz,

On Wednesday 23 January 2002 07:10 am, Goetz Reinicke wrote:
> Hi,
> I'd like to mount some NFS shares on a "shorewalled" system. Are there
> special ports I have to open besides nfs 111 ?

Actually, 111 is portmap. And therein lies the problem in that
portmap-assigned ports are completely dynamic. There was a portmap
connection-tracking module in the iptables "patch-o-matic" at one time; I
tried to use it but gave up after a couple of hours.

The bottom line is that I don't have a good solution for you other than to:

a) establish a tunnel between the NFS client and server and use NFS through
the tunnel; or
b) open all non-priv UDP traffic (ports 1024: ) from NFS client to server.

Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
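
The dynamic assignment described in the message above can be seen by comparing two `rpcinfo -p` listings from the same server. The following is an added example, not part of the original post: the listings are constructed samples from a hypothetical server, and the function names are illustrative.

```python
"""Show which NFS-related ports portmap has handed out, from `rpcinfo -p` text."""

NFS_SERVICES = {"portmapper", "nfs", "mountd", "nlockmgr", "status"}

# Constructed samples: the same hypothetical server before and after a restart.
BEFORE = """\
   program vers proto   port  service
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100005    1   udp  32768  mountd
    100021    1   udp  32769  nlockmgr
    100024    1   udp  32770  status
"""
AFTER = """\
   program vers proto   port  service
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100005    1   udp   1027  mountd
    100021    1   udp   1031  nlockmgr
    100024    1   udp   1025  status
"""

def parse_rpcinfo(text):
    """Return {(service, proto): port} for the NFS-related registrations."""
    ports = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows have five columns and a numeric program number; skip the header.
        if len(fields) != 5 or not fields[0].isdigit():
            continue
        _prog, _vers, proto, port, service = fields
        if service in NFS_SERVICES:
            ports[(service, proto)] = int(port)
    return ports

def moved_ports(before, after):
    """Services whose port differs between snapshots; a fixed-port rule breaks here."""
    return {k: (before[k], after[k]) for k in before if k in after and before[k] != after[k]}

def udp_rule_covers(ports, low=1024):
    """True if 'all UDP ports >= low' (option b) reaches every service except portmap."""
    return all(p >= low for (svc, proto), p in ports.items()
               if proto == "udp" and svc != "portmapper")

if __name__ == "__main__":
    b, a = parse_rpcinfo(BEFORE), parse_rpcinfo(AFTER)
    for (svc, proto), (old, new) in sorted(moved_ports(b, a).items()):
        print(f"{svc}/{proto}: {old} -> {new}")
    print("option (b) covers non-portmap services:", udp_rule_covers(a))
```

Feeding it real `rpcinfo -p <server>` output taken at two different times shows whether a rule written for specific ports would still match.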