Problem description
Without iptables rules I am able to mount my NFSSERVER:/PATH, but with it (firewall/iptables) enabled I am not able to mount.
[e.g., after iptables --flush / firewalld stop; mount NFSSERVER:/Path works]
I am not supposed to disable/clear the firewall/iptables, but I am allowed to open a port. What is the rule that I need to add to open up the port/mount?
Current default policy is DROP all INCOMING/OUTGOING/FORWARD and there are a couple of rules to allow wget from external 80 port etc.
Adding the NFS server port didn't help.
iptables -A OUTPUT -p tcp --dport 2049 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 2049 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp --dport 2049 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --sport 2049 -m state --state ESTABLISHED -j ACCEPT
Thanks.
PS: This is for the NFS client, not the NFS server machine.
Recommended answer
If all you need is NFS version 4 (which is already over 10 years old), you don't need to go to all of the effort described in @Sathish's answer. Just make sure TCP port 2049 is open on the server's firewall, and that the client's firewall allows outbound traffic to port 2049 on the server.
CentOS 5 (also old) has a nice explanation of why NFSv4 is more firewall friendly than v3 and v2.
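A client-side sketch of the answer's NFSv4-only approach, as an added example that is not part of the original question or answer: it prints rules scoped to a single server and a mount command pinned to version 4. The function names, the address 192.0.2.10 and the mount point /mnt/nfs are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread): NFSv4-only client rules for a
# host whose INPUT/OUTPUT policy is DROP. 192.0.2.10 and /mnt/nfs are constructed.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255, so
# nothing else can end up inside the generated commands.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print (do not apply) what the client needs: new TCP connections out to the
# server's port 2049, and only reply packets of those connections back in.
# -A suffices when, as on the page, DROP is the chain policy rather than a final rule.
nfs4_client_rules() {
    valid_ipv4 "$1" || { echo "usage: nfs4_client_rules <server-ipv4>" >&2; return 2; }
    echo "iptables -A OUTPUT -p tcp -d $1 --dport 2049 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A INPUT -p tcp -s $1 --sport 2049 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Print the mount command with the version pinned to 4, so the client does not
# fall back to NFSv3, which also needs rpcbind (port 111) and mountd.
nfs4_mount_cmd() {   # $1 = server IPv4, $2 = export path, $3 = mount point
    valid_ipv4 "$1" || return 2
    printf 'mount -t nfs -o vers=4,proto=tcp %s:%s %s\n' "$1" "$2" "$3"
}

# Dry run: review the printed commands, then run them as root.
nfs4_client_rules 192.0.2.10
nfs4_mount_cmd 192.0.2.10 /PATH /mnt/nfs
```

Unlike the rules in the question, these match only traffic to and from the one server address, and no UDP rule is needed for an NFSv4 mount over TCP.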