2010-08-25 11:21 PM
On of our customers is requesting access to a NFS share on my FAS3040 appliance through a firewall. The same NFS share is accessed from clients which is not behind this firewall.
As far as I know there's a few requirements to get this working, eg. apply the port rules on the firewall.
The question; anyone who knows which ports to open on the firewall?
Thanks in advance everyone
2010-08-26 05:43 AM
There are 2 suggestions:-
1.) Try to run rpcinfo -p from the client, on which nfs is mounted with out firewall to know ports required...
2.) Visit http://www.iana.org/assignments/port-numbers and search of all nfs ports and open them on firewall.
I hope this will help..
2010-08-26 01:48 PM
I recently set up NFS through my firewall from my DMZ and I use the following on my Cisco ASA:
object-group service nfs-ports
service-object tcp-udp eq 4000
service-object tcp-udp eq 4001
service-object tcp-udp eq 4046
service-object tcp-udp eq nfs
service-object tcp-udp eq sunrpc
service-object tcp-udp eq 4045
in the following ACL:access-list dmz1_access_in remark Allow external FTP server NFS access to data-3170-a
access-list dmz1_access_in extended permit object-group nfs-ports host external-ftp-server host fas3170-nfs
Works perfectly for me.
2010-11-18 06:50 AM
Are you running NFSv3 or NFSv4? We have a similar issue and because port assignment in NFSv3 is dynamic our InfoSec department recommended that we use NFSv4. It's works, however we are having to work through some authentication issues as we are still using basic auth with NFSv4 instead of Kerberos.