Solaris 10 : Configuring Firewall ports for NFS
In order to plan and troubleshoot NFS in the presence of network firewalls, it is vital to understand how NFS network ports operate for NFS v2, v3 and v4.
Methods to use NFS with a firewall
1. Use NFSv4 (Oracle Solaris 10 or Solaris Express) and open port 2049 on the firewall. NFSv4 is stateful (no lockd/statd) and uses only one port, 2049.
Oracle Solaris Support recommends that the client delegation callback daemon (svc:/network/nfs/cbd) be turned off, as it will attempt communication over an anonymous port.
The following command will disable the nfs client callback daemon:
svcadm disable svc:/network/nfs/cbd
2. Use a firewall that has state engines for the various NFS v2 and v3 protocols (rpcbind, nfsd, lockd, statd, mountd) and configure the firewall accordingly.
3. For a firewall that does not have a state engine for NFS, and if using NFSv2 or NFSv3, open these ports:
111 (rpcbind)
2049 (nfsd)
4045 (lockd)
all anonymous ports (default > 32K, mountd & statd)
This configuration may not satisfy network security requirements because of the number of ports that must be open. Please note that this recommendation is dictated by the functions and requirements of NFSv2 and NFSv3.
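To see how much of an NFSv2/v3 server falls outside the three fixed ports in method 3, the following added example (not part of the original article) sorts `rpcinfo -p` output into fixed-port and anonymous-port registrations. The function names are hypothetical and the sample listing is constructed for illustration; the fixed ports 111, 2049 and 4045 are taken from the list above.

```shell
#!/bin/sh
# Added example: classify RPC registrations as FIXED (111/2049/4045) or ANON.
# Uses POSIX awk; on Solaris 10 run it with nawk or /usr/xpg4/bin/awk.

# Constructed sample in the usual `rpcinfo -p` layout (not from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100024    1   udp  32772  status
    100024    1   tcp  32771  status
    100021    4   udp   4045  nlockmgr
    100021    4   tcp   4045  nlockmgr
    100005    3   udp  32790  mountd
    100005    3   tcp  32781  mountd
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
EOF
}

# Reads `rpcinfo -p` output on stdin and prints one line per unique
# proto/port/service: "FIXED|ANON <proto> <port> <service>".
classify_nfs_ports() {
    awk '
        $1 !~ /^[0-9]+$/ { next }            # skip the header and blank lines
        {
            svc = (NF >= 5) ? $5 : "-"       # unnamed programs have no 5th field
            key = $3 " " $4 " " svc
            if (seen[key]++) next            # several versions share one port
            cls = ($4 == 111 || $4 == 2049 || $4 == 4045) ? "FIXED" : "ANON"
            print cls, key
        }'
}

# Number of registrations that the three fixed ports do not cover.
count_anon() {
    classify_nfs_ports | awk '$1 == "ANON" { n++ } END { print n + 0 }'
}

# On a live server: rpcinfo -p | classify_nfs_ports
sample_rpcinfo | classify_nfs_ports
```

Every ANON line is a service that a firewall without an NFS state engine can only reach through the open anonymous port range.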
Hey, how to make the client side port static? Is it possible?