
Which ports do I open for NFS?

Discussion in 'Firewalls' started by wonslung, Jun 30, 2009.

  1. wonslung

    I did a search before I posted this and I can't seem to find a definitive answer.

    I'm using pf as my firewall; this is a single-interface machine without NAT. I just need to open the correct NFS listening ports.

    Here is my pf.conf SO FAR for this machine.
    I have a second loopback device called lo1 to allow some stuff to communicate between jails (MySQL, Apache).

    Code:
    #defined services
    tcp_services = "{ssh, smtp, domain, ftp, www, pop3, auth, https, pop3s, 137, 138, 139, 51500, 10000 }"
    udp_services = "{ domain, ftp, ntp, 137, 138, 139, 1900 }"
    
    #interface for all ip's on em0
    int="re0"
    
    #log interface
    
    set loginterface $int
    
    #default block rule
    block all
    
    #allow traffic to/from localhost
    pass in quick on lo0 all
    pass in quick on lo1 all
    pass out quick on lo0 all
    pass out quick on lo1 all
    
    #default pass in for our defined services
    
    pass in on $int proto tcp from any to any port $tcp_services keep state
    pass in on $int proto udp from any to any port $udp_services keep state
    
    
    #pass in for all torrentflux-b4rt services
    pass in quick on $int proto tcp from any to any port 49160:49300 keep state
    
    # allow everything else out
    pass out on $int proto tcp from any to any keep state
    pass out on $int proto udp from any to any keep state
    
     
  2. DutchDaemon

    Usually 111 (tcp/udp) and 2049 (tcp/udp).

    A somewhat more complete list would be:

    Code:
    sunrpc          111/tcp    rpcbind   # SUN Remote Procedure Call
    sunrpc          111/udp    rpcbind   # SUN Remote Procedure Call
    nfsd-status     1110/tcp             # Cluster status info
    nfsd-keepalive  1110/udp             # Client status info
    nfsd            2049/tcp   nfs       # NFS server daemon
    nfsd            2049/udp   nfs       # NFS server daemon
    lockd           4045/udp             # NFS lock daemon/manager
    lockd           4045/tcp
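
Added example, not part of either post: a pf.conf fragment that opens the ports listed above only to a table of NFS clients instead of to `any`, since NFS is normally not meant to be reachable from the whole Internet. The client range (192.0.2.0/24) and the commented-out mountd port are constructed placeholders; `int` is the interface macro from the posted ruleset.

```pf
# Added example (not from the thread). The client network and the mountd
# port below are constructed placeholders; replace them with your own.

int = "re0"                        # interface macro from the posted pf.conf

# Ports from the list in the answer: rpcbind, nfsd status/keepalive, nfsd, lockd
nfs_ports = "{ 111, 1110, 2049, 4045 }"

# Hosts allowed to mount exports (192.0.2.0/24 is a documentation range)
table <nfs_clients> { 192.0.2.0/24 }

# default block rule, as in the posted ruleset
block all

# NFS is passed only from known clients, unlike the public services
# in tcp_services/udp_services, which are passed "from any"
pass in on $int proto { tcp, udp } from <nfs_clients> to any port $nfs_ports keep state

# mountd (used for NFSv3 mounts) is not in the list above. It registers a
# port with rpcbind at start-up unless it is pinned with mountd's -p flag.
# If you pin it, pass that port the same way (4046 is a hypothetical value):
# mountd_port = "4046"
# pass in on $int proto { tcp, udp } from <nfs_clients> to any port $mountd_port keep state
```

The fragment can be syntax-checked without loading it by running `pfctl -nf` on the file.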