ONTAP Discussions

what port number range should be opened in the direction from nfs server to nfs client side?

Daniel_66
7,032 Views

Because the custumor's network environment exists two-way firewall.  We've opened these ports 111,2049,635,4045,4046,4049 in nfs server (ontap) side. when we opened more than 700 port number in the nfs client side,  nfs volume can be mounted normally. We'd like to know what is the exact port number range that nfs client side needs to mount nfsv3 volume

 

we opened more than 700 port number by using the following command:

R1(config)#access-list 110 permit tcp any any gt 700

 

nfs client's session information(nfs client 192.168.10.105,  ontap:192.168.2.156):

Daniel_66_0-1645760525302.png

 

 

 

 

1 ACCEPTED SOLUTION

Daniel_66
6,850 Views

Hello,

    I studied the issue these days, and found the range of nfs client-side's ports were divided into two parts, one was privilege port (less than 1024), the other was non-privilege port(more than 1024 random port).

    privilege port number can be configured by add the two variables("sunrpc.min_resvport" & "sunrpc.max_resvport") into /etc/sysctl.conf (refer to https://access.redhat.com/solutions/1614383).

    non-privilege port number can be configured by adding the variable of "net.ipv4.ip_local_port_range" into /etc/sysctl.conf

 

/etc/sysctl.conf file content as follow:

Daniel_66_0-1646227642998.png

 

finally, thank you for your information

 

View solution in original post

3 REPLIES 3

Daniel_66
6,998 Views

Hello hmouhara,

         Thank you for your reply, I read the post you provided above.  the post instructs the detail port number that is needed in the NFS server-side. But we don't know which port number range need to be opened in the NFS client-side.  port number that is used in the NFS client-side seems to be randomly assigned. whether do these random port numbers have the exact the range? Are these random port number defined by nfs client OS or by Ontap system?

 

(nfs client ipadd: 192.168.10.105,  Ontap nfs lif ipadd:192.168.2.156):

Daniel_66_0-1645779875376.png

 

Daniel_66
6,851 Views

Hello,

    I studied the issue these days, and found the range of nfs client-side's ports were divided into two parts, one was privilege port (less than 1024), the other was non-privilege port(more than 1024 random port).

    privilege port number can be configured by add the two variables("sunrpc.min_resvport" & "sunrpc.max_resvport") into /etc/sysctl.conf (refer to https://access.redhat.com/solutions/1614383).

    non-privilege port number can be configured by adding the variable of "net.ipv4.ip_local_port_range" into /etc/sysctl.conf

 

/etc/sysctl.conf file content as follow:

Daniel_66_0-1646227642998.png

 

finally, thank you for your information

 

Public