From: mikegws on 16 Mar 2010 21:39

Hi All,

I need to define what ports are allowed thru a firewall for NFSv3 (v4
not an option for us at the moment) on a S10u8 machine are.

It seems the NFS server needs:

tcp 111 (port mapper)
tcp 2049 (mountd)
tcp 32771 status (rquotad)

Anything else I might be missing?

-Michael

--
Planetra Hosting
mikegws at gmail dott comm

From: Casper H.S. Dik on 17 Mar 2010 06:03

"mikegws(a)gmail.com" <mikegws(a)gmail.com> writes:

>Hi All,

>I need to define what ports are allowed thru a firewall for NFSv3 (v4
>not an option for us at the moment) on a S10u8 machine are.

>It seems the NFS server needs:

>tcp 111 (port mapper)
>tcp 2049 (mountd)
>tcp 32771 status (rquotad)

You will need them both for udp and tcp:

111 (rpcbind/portmap)
2049 NFS protocol (not mountd!)
4045 lockmgr

Mountd/rquotad/status use random ports.

What are the clients?

Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

From: mikegws on 17 Mar 2010 09:19

On Mar 17, 6:03 am, Casper H.S. Dik <Casper....(a)Sun.COM> wrote:
> "mike...(a)gmail.com" <mike...(a)gmail.com> writes:
> >Hi All,
> >I need to define what ports are allowed thru a firewall for NFSv3 (v4
> >not an option for us at the moment) on a S10u8 machine are.
> >It seems the NFS server needs:
> >tcp 111 (port mapper)
> >tcp 2049 (mountd)
> >tcp 32771 status (rquotad)
>
> You will need them both for udp and tcp:
>
> 111 (rpcbind/portmap)
> 2049 NFS protocol (not mountd!)
> 4045 lockmgr
>
> Mountd/rquotad/status use random ports.
>
> What are the clients?

UDP too? We're Solaris 10 all around - isn't that by default TCP NFS?

The clients are all Solaris 10. Eventually we will go to NFSv4 - but
until that project fires up we need to get the firewall rules
straight.

Do we define a range for mount/rquotad/status ?

@Michael - yes, I did google it and the results from Sun (the various
docs I found just said port 2049 or to use WebNFS) or questions posted
to various lists didn't really help much.

From: Casper H.S. Dik on 17 Mar 2010 10:33

"mikegws(a)gmail.com" <mikegws(a)gmail.com> writes:

>> You will need them both for udp and tcp:
>>
>> 111 (rpcbind/portmap)
>> 2049 NFS protocol (not mountd!)
>> 4045 lockmgr
>>
>> Mountd/rquotad/status use random ports.
>>
>> What are the clients?

>UDP too? We're Solaris 10 all around - isn't that by default TCP NFS?

To be honest, I'm not sure that the clients will always use TCP
for all of the protocols.

>The clients are all Solaris 10. Eventually we will go to NFSv4 - but
>until that project fires up we need to get the firewall rules
>straight.

>Do we define a range for mount/rquotad/status ?

Unfortunately, that range would be 2^15 - 2^16-1.

Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.

From: Doug McIntyre on 17 Mar 2010 10:54

Casper H.S. Dik <Casper.Dik(a)Sun.COM> writes:
>"mikegws(a)gmail.com" <mikegws(a)gmail.com> writes:

>>> You will need them both for udp and tcp:
>>>
>>> 111 (rpcbind/portmap)
>>> 2049 NFS protocol (not mountd!)
>>> 4045 lockmgr
>>>
>>> Mountd/rquotad/status use random ports.
>>>
>>> What are the clients?

>>UDP too? We're Solaris 10 all around - isn't that by default TCP NFS?

>To be honest, I'm not sure that the clients will always use TCP
>for all of the protocols.

>>The clients are all Solaris 10. Eventually we will go to NFSv4 - but
>>until that project fires up we need to get the firewall rules
>>straight.

>>Do we define a range for mount/rquotad/status ?

>Unfortunately, that range would be 2^15 - 2^16-1.

What the OP really needs is a firewall that is smart enough about
watching the protocol itself to let through the RPC/NFS protocol, and
opening the ports as required.

There's several out there that can do this. (ie. Fortigate, Juniper, etc).
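
The split discussed in this thread (fixed ports 111, 2049 and 4045 on both udp and tcp, versus mountd/rquotad/status on ports in the 2^15 to 2^16-1 range) can be checked against a server's own `rpcinfo -p` listing. The script below is an added example, not code from any poster; the sample listing is constructed and the function names are hypothetical.

```python
# Constructed sample of `rpcinfo -p` output (not captured from a real host).
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    2   udp    111  rpcbind
    100024    1   udp  32772  status
    100024    1   tcp  32771  status
    100021    4   udp   4045  nlockmgr
    100021    4   tcp   4045  nlockmgr
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    3   udp  32800  mountd
    100011    1   udp  32790  rquotad
"""

# Fixed ports named in the thread (needed for both udp and tcp).
FIXED_PORTS = {111: "rpcbind/portmap", 2049: "NFS protocol", 4045: "lockmgr"}
# Range the thread gives for the randomly assigned services: 2^15 .. 2^16-1.
DYNAMIC_RANGE = range(2**15, 2**16)

def parse_rpcinfo(text):
    """Yield (program, version, proto, port, service) from `rpcinfo -p` output."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue  # header line or anything that is not a data row
        service = fields[4] if len(fields) > 4 else "unknown"
        yield int(fields[0]), int(fields[1]), fields[2], int(fields[3]), service

def classify(text):
    """Split registrations into statically filterable ports and dynamic ones."""
    static, dynamic, other = set(), {}, set()
    for _prog, _vers, proto, port, service in parse_rpcinfo(text):
        if port in FIXED_PORTS:
            static.add((proto, port))
        elif port in DYNAMIC_RANGE:
            dynamic.setdefault(service, set()).add((proto, port))
        else:
            other.add((proto, port, service))
    return static, dynamic, other

def missing_fixed(static):
    """Fixed proto/port pairs from the thread that the server did not register."""
    wanted = {(proto, port) for port in FIXED_PORTS for proto in ("tcp", "udp")}
    return sorted(wanted - static)

if __name__ == "__main__":
    static, dynamic, other = classify(SAMPLE_RPCINFO)
    print(sorted(static), sorted(dynamic), missing_fixed(static))
```

Services that land in the `dynamic` result are the ones a static port list cannot cover, since their port numbers are not fixed.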