From: colin.rudakiewicz on 22 Jun 2007 06:58

Hello all,

I have a RHEL5 NFS server and a Solaris 8 NFS client. If I run service iptables stop on RHEL5 I can mount filesystem on my Solaris 8 NFS client (on 192.168.154.0 subnet).

I have tried the following:

/etc/sysconfig/nfs:

    STATD_PORT=10002
    STATD_OUTGOING_PORT=10003
    MOUNTD_PORT=10004
    RQUOTAD_PORT=10005

/etc/modprobe.conf:

    options lockd nlm_tcpport=10000 nlm_udpport=10001

/etc/sysconfig/iptables:

    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -s 192.168.154.0/24 -i eth1 -m state --state NEW -m multiport --dports 177,445,137:139 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -s 192.168.154.0/24 -i eth1 -m state --state NEW -m multiport --dports 445,6000,7100,137:139 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -s 192.168.154.0/24 -i eth1 -m state --state NEW -m multiport --dports 2049,111,10000:10005 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -s 192.168.154.0/24 -i eth1 -m state --state NEW -m multiport --dports 2049,111,10000:10005 -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT

rpcinfo -p on RHEL5 shows:

    program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  10002  status
    100024    1   tcp  10002  status
    100021    1   udp  10001  nlockmgr
    100021    3   udp  10001  nlockmgr
    100021    4   udp  10001  nlockmgr
    100021    1   tcp  10000  nlockmgr
    100021    3   tcp  10000  nlockmgr
    100021    4   tcp  10000  nlockmgr
    100011    1   udp  10005  rquotad
    100011    2   udp  10005  rquotad
    100011    1   tcp  10005  rquotad
    100011    2   tcp  10005  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    1   udp  10004  mountd
    100005    1   tcp  10004  mountd
    100005    2   udp  10004  mountd
    100005    2   tcp  10004  mountd
    100005    3   udp  10004  mountd
    100005    3   tcp  10004  mountd

I have tried all sorts of combinations and I am unable to get it to work. rpcinfo and mount on the Solaris client give RPC timeout.

Anyone know what might be wrong with my iptables setup..?

Rgds - Colin R
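A cross-check of the rpcinfo registrations against the multiport ACCEPT rules posted above, as an added example that is not part of the original post. The sample input is a subset of the poster's rules and rpcinfo output, the function names are hypothetical, and the check covers destination ports and the -i match only, not source addresses or rule order.

```python
import re

# Constructed sample input: a subset of the rules and rpcinfo output in the post.
RULES = """\
-A RH-Firewall-1-INPUT -p udp -s 192.168.154.0/24 -i eth1 -m state --state NEW -m multiport --dports 177,445,137:139 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -s 192.168.154.0/24 -i eth1 -m state --state NEW -m multiport --dports 445,6000,7100,137:139 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -s 192.168.154.0/24 -i eth1 -m state --state NEW -m multiport --dports 2049,111,10000:10005 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -s 192.168.154.0/24 -i eth1 -m state --state NEW -m multiport --dports 2049,111,10000:10005 -j ACCEPT
"""
RPCINFO = """\
100000 2 tcp 111 portmapper
100024 1 udp 10002 status
100021 4 udp 10001 nlockmgr
100021 4 tcp 10000 nlockmgr
100011 2 udp 10005 rquotad
100003 3 tcp 2049 nfs
100005 3 tcp 10004 mountd
"""

def accepted_ports(rules):
    """Map proto -> list of (low, high, in_interface) taken from ACCEPT rules."""
    allowed = {"tcp": [], "udp": []}
    for line in rules.splitlines():
        proto = re.search(r"-p (tcp|udp)\b", line)
        ports = re.search(r"--dports? (\S+)", line)
        if not (proto and ports and line.rstrip().endswith("-j ACCEPT")):
            continue
        iface = re.search(r"-i (\S+)", line)
        for item in ports.group(1).split(","):
            low, _, high = item.partition(":")
            allowed[proto.group(1)].append((int(low), int(high or low), iface.group(1) if iface else None))
    return allowed

def uncovered(rpcinfo, rules):
    """Return sorted (proto, port, service) registrations that no ACCEPT rule matches."""
    allowed = accepted_ports(rules)
    missing = set()
    for line in rpcinfo.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[0].isdigit():
            continue  # skip the header line and anything malformed
        proto, port, service = fields[2], int(fields[3]), fields[4]
        if not any(lo <= port <= hi for lo, hi, _ in allowed.get(proto, [])):
            missing.add((proto, port, service))
    return sorted(missing)

def interfaces(rules, port, proto):
    """Interfaces (-i) on which the port is accepted; None means any interface."""
    return sorted({i for lo, hi, i in accepted_ports(rules)[proto] if lo <= port <= hi}, key=str)
```

For the posted configuration `uncovered(RPCINFO, RULES)` returns an empty list, so every registered RPC port falls inside an accepted range. `interfaces(RULES, 2049, "tcp")` shows that those rules only match traffic arriving on eth1.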