Using NFS between two machines on the same network is usually free of hassle, so the default behaviour – on Linux, at least – is fine and can be left as it is. However, in a commercial setting (such as the ones I manage in my day job) it’s often the case that the machines might not be on the same network – or even in the same location, for that matter. It’s likely that there are a number of network devices in between the machines, and the way NFS uses portmap can sometimes make things frustrating: by default several of the NFS helper services register with portmap on ports that are not fixed, so there is no stable list of ports to allow through those devices.
Luckily, it’s really easy to fix.
On Red Hat-based systems, it’s a case of editing /etc/sysconfig/nfs. In there, by default you’ll find quite a few <service>_PORT=<port> entries, but they’re hashed out. For example:-
# Port rpc.statd should listen on.
#STATD_PORT=662
You can go ahead and uncomment the line, or if you wish you can change the port. Repeat this for the other <service>_PORT entries as required – you’ll want to do LOCKD_TCPPORT (if you’re using TCP), LOCKD_UDPPORT (if you’re using UDP), MOUNTD_PORT and STATD_PORT.
Once you’re happy, restart the services:-
/sbin/service portmap restart
/sbin/service nfs restart
Running rpcinfo -p should show the various NFS services now running on the ports specified in /etc/sysconfig/nfs:-
[root@nfs-server ~]# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100011    1   udp    875  rquotad
    100011    2   udp    875  rquotad
    100011    1   tcp    875  rquotad
    100011    2   tcp    875  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100021    1   udp  32769  nlockmgr
    100021    3   udp  32769  nlockmgr
    100021    4   udp  32769  nlockmgr
    100021    1   tcp  32803  nlockmgr
    100021    3   tcp  32803  nlockmgr
    100021    4   tcp  32803  nlockmgr
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    1   udp    892  mountd
    100005    1   tcp    892  mountd
    100005    2   udp    892  mountd
    100005    2   tcp    892  mountd
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
Firewall rules should be somewhat easier to manage now.
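The rpcinfo -p check can be scripted so that a service left on a dynamic port is caught before the firewall rules are written. This is an added example, not part of the original post: the function name check_nfs_ports, the demo function and its sample data are made up for illustration, and it assumes rpc.statd registers under the service name "status".

```shell
#!/bin/sh
# Added example: check that the RPC services behind NFS are registered on
# the ports pinned in /etc/sysconfig/nfs.
# Usage: rpcinfo -p | check_nfs_ports /etc/sysconfig/nfs
check_nfs_ports() {
    # $1 = sysconfig file; rpcinfo -p output is read from stdin.
    awk '
        # Pass 1 (config): record every uncommented NAME=port line.
        pass != 2 {
            gsub(/"/, "")
            if ($0 ~ /^[A-Z_]+=[0-9]+[ \t]*$/) { split($0, kv, "="); want[kv[1]] = kv[2] + 0 }
            next
        }
        # Pass 2 (rpcinfo): program, vers, proto, port, service name.
        $1 ~ /^[0-9]+$/ {
            key = ""
            if ($5 == "mountd")   key = "MOUNTD_PORT"
            if ($5 == "status")   key = "STATD_PORT"
            if ($5 == "nlockmgr") key = ($3 == "tcp") ? "LOCKD_TCPPORT" : "LOCKD_UDPPORT"
            if (key == "") next                  # portmapper, nfs, rquotad: not checked here
            if (!(key in want))           why = key " is not set, port is dynamic"
            else if ($4 + 0 != want[key]) why = key "=" want[key] " not in effect"
            else next
            msg = $5 "/" $3 " on " $4 ": " why
            if (!(msg in seen)) { print msg; seen[msg] = 1 }   # one line per service/proto
            bad = 1
        }
        END { exit bad + 0 }                     # non-zero when anything is off
    ' "$1" pass=2 -
}

# Constructed sample data: STATD_PORT is still hashed out and lockd was not
# restarted after LOCKD_TCPPORT was set (ports 40213 and 51822 are invented).
demo() {
    conf=$(mktemp) || return 1
    printf '%s\n' '#STATD_PORT=662' 'MOUNTD_PORT=892' \
        'LOCKD_TCPPORT=32803' 'LOCKD_UDPPORT=32769' > "$conf"
    check_nfs_ports "$conf" <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100024    1   udp  40213  status
    100021    1   udp  32769  nlockmgr
    100021    1   tcp  51822  nlockmgr
    100005    3   tcp    892  mountd
EOF
    rc=$?; rm -f "$conf"; return $rc
}
demo || true   # run the check on the constructed sample
```

A non-zero exit status means at least one service is on a port the firewall rules will not cover.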
For Debian and Ubuntu systems, you might find this link useful.
This is really useful… came second in my Google search for 892/TCP. Will really help me understand and transcribe this rulebase someone’s filled full of gibberish.