Iptables Rules for NFS Server and NFS Client


Problem description

Without iptables rules I am able to mount my NFSSERVER:/PATH, but with it (firewall/iptables) enabled I am not able to mount.

[e.g., after iptables --flush / firewalld stop, mount NFSSERVER:/Path works]

I am not supposed to disable/clear the firewall/iptables but I am allowed to open a port. What is the rule that I need to add to open up the port/mount?

Current default policy is DROP all INCOMING/OUTGOING/FORWARD and there are a couple of rules to allow wget from external 80 port etc.

Adding the NFS server port didn't help.

iptables -A OUTPUT -p tcp --dport 2049 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --sport 2049 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp --dport 2049 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp --sport 2049 -m state --state ESTABLISHED -j ACCEPT

Thanks.

PS: This is for nfs client not NFS server machine.

Recommended answer

If all you need is NFS version 4 (which is already over 10 years old), you don't need to go to all of the effort described in @Sathish's answer. Just make sure TCP port 2049 is open in the server's firewall, and that the client's firewall allows outbound traffic to port 2049 on the server.

CentOS 5 (also old) has a nice explanation of why NFSv4 is more firewall friendly than v3 and v2.
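
An added example (not part of the original answer) of the NFSv4-only client setup described above, for a host whose default policy is DROP: it prints the two rules, scoped to a single server, and the mount command that pins the protocol to v4. The function names, the server address 192.0.2.10 (a documentation address), the export path and the mount point are assumptions.

```shell
#!/bin/sh
# Added example: NFSv4 client rules under a default-DROP policy.
# Rules are printed, not applied, so they can be reviewed before use.

# Accept only a dotted-quad IPv4 address with octets 0-255, so the
# generated commands can never contain shell metacharacters.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the client-side rules for one NFSv4 server.
nfs4_client_rules() {
    is_ipv4 "$1" || { echo "usage: nfs4_client_rules <server-ipv4>" >&2; return 1; }
    # Outbound: new and established connections to TCP 2049 on this server only.
    echo "iptables -A OUTPUT -p tcp -d $1 --dport 2049 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    # Inbound: only packets that belong to those connections.
    echo "iptables -A INPUT -p tcp -s $1 --sport 2049 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Print a mount command that forces NFSv4 over TCP. NFSv3 also needs
# rpcbind (port 111) and mountd, which is why opening 2049 alone is not
# enough for a v3 mount.
nfs4_mount_cmd() {
    is_ipv4 "$1" || return 1
    echo "mount -t nfs -o vers=4,proto=tcp $1:$2 $3"
}

# Constructed sample values: server address, export path and mount point.
nfs4_client_rules 192.0.2.10
nfs4_mount_cmd 192.0.2.10 /export /mnt/nfs
```

To apply the rules, run the printed commands as root after reviewing them, then persist them with whatever mechanism the host already uses for its firewall configuration.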
