Network and Storage Protocols

NFS through a firewall

jen
11,488 Views

Hi all

On of our customers is requesting access to a NFS share on my FAS3040 appliance through a firewall. The same NFS share is accessed from clients which is not behind this firewall.

As far as I know there's a few requirements to get this working, eg. apply the port rules on the firewall.

The question; anyone who knows which ports to open on the firewall?

Thanks in advance everyone

/Jesper

3 REPLIES 3

maddydev2001
11,488 Views

There are 2 suggestions:-

1.)  Try to run rpcinfo -p from the client, on which nfs is mounted with out firewall to know ports required...

2.) Visit http://www.iana.org/assignments/port-numbers and search of all nfs ports and open them on firewall.

I hope this will help..

jason_lempka
11,488 Views

I recently set up NFS through my firewall from my DMZ and I use the following on my Cisco ASA:

object-group service nfs-ports
service-object tcp-udp eq 4000
service-object tcp-udp eq 4001
service-object tcp-udp eq 4046
service-object tcp-udp eq nfs
service-object tcp-udp eq sunrpc
service-object tcp-udp eq 4045

in the following ACL:

access-list dmz1_access_in remark Allow external FTP server NFS access to data-3170-a
access-list dmz1_access_in extended permit object-group nfs-ports host external-ftp-server host fas3170-nfs

Works perfectly for me.

Thanks!

Jason

__Demond_NC_17110
11,487 Views

Are you running NFSv3 or NFSv4?  We have a similar issue and because port assignment in NFSv3 is dynamic our InfoSec department recommended that we use NFSv4.  It's works, however we are having to work through some authentication issues as we are still using basic auth with NFSv4 instead of Kerberos.

Public