Essential NFS Firewall Ports Configuration Guide for Ubuntu 11.10 Server


2 views

When configuring NFS (Network File System) on Ubuntu 11.10, firewall configuration is critical for proper functionality. NFS uses multiple ports for different services, and we need to consider both the core NFS protocol and its dependencies.

These are the essential ports required for basic NFS v3/v4 operation:


# NFS server ports (TCP and UDP)
2049 - NFS server (main port)
111 - RPC portmapper

For full functionality including file locking and mount operations:


# Statd ports (random by default, can be fixed)
32765-32768 - Status monitor ports
# Lock manager ports (random by default)
30000-30099 - Suggested range for lockd

For Ubuntu's UFW firewall, you can allow these ports with:


sudo ufw allow 2049/tcp
sudo ufw allow 2049/udp
sudo ufw allow 111/tcp
sudo ufw allow 111/udp
sudo ufw allow from [client-ip] to any port 32765:32768
sudo ufw allow from [client-ip] to any port 30000:30099

To make firewall management easier, configure static ports in /etc/default/nfs-common and /etc/default/nfs-kernel-server:


# /etc/default/nfs-kernel-server
RPCMOUNTDOPTS="--manage-gids --port 32767"
STATDOPTS="--port 32765 --outgoing-port 32766"

# /etc/default/nfs-common
STATDOPTS="--port 32765"

After configuration, verify which ports NFS is using with:


rpcinfo -p localhost
sudo netstat -tulnp | grep -E 'nfs|rpc'

When configuring NFS (Network File System) on Ubuntu 11.10, these are the critical ports that must be allowed through your firewall:

# Standard NFS ports
TCP/UDP 111 (portmapper/rpcbind)
TCP/UDP 2049 (nfsd)
TCP/UDP 20048 (mountd)
TCP/UDP 32803 (status/statd)

NFS additionally uses dynamically assigned ports for auxiliary services. You have two approaches to handle this:

# Option 1: Open wide ranges (not recommended for production)
sudo iptables -A INPUT -p tcp --dport 32768:61000 -j ACCEPT
sudo iptables -A INPUT -p udp --dport 32768:61000 -j ACCEPT

# Option 2: Configure static ports (recommended)
echo "options lockd nlm_udpport=32768 nlm_tcpport=32768" | sudo tee -a /etc/modprobe.d/options.conf
echo "STATDOPTS=\"--port 32769\"" | sudo tee -a /etc/default/nfs-common
echo "RPCMOUNTDOPTS=\"-p 32770\"" | sudo tee -a /etc/default/nfs-kernel-server

Here's a sample UFW configuration for NFS with static ports:

sudo ufw allow 111/tcp
sudo ufw allow 111/udp
sudo ufw allow 2049/tcp
sudo ufw allow 2049/udp
sudo ufw allow 32768/tcp
sudo ufw allow 32768/udp
sudo ufw allow 32769/tcp
sudo ufw allow 32769/udp
sudo ufw allow 32770/tcp

After configuration, verify with these commands:

# Show currently used NFS ports
rpcinfo -p

# Check firewall status
sudo ufw status numbered

# Test NFS connectivity from client
showmount -e your.nfs.server.ip

If you encounter problems:

  1. Ensure portmapper is running: sudo service rpcbind restart
  2. Check for conflicts with other services using netstat -tulnp
  3. Verify NFS services are running: sudo service nfs-kernel-server status

Remember to restart services after configuration changes:

sudo service nfs-kernel-server restart
sudo service nfs-common restart