28.1.22. /etc/sysconfig/nfs

28.1.22. /etc/sysconfig/nfs

NFS requires the portmap, which dynamically assigns ports for RPC services. This causes problems for configuring firewall rules. To overcome this problem, use the /etc/sysconfig/nfs file to control which ports the required RPC services run on.

The /etc/sysconfig/nfs may not exist by default on all systems. If it does not exist, create it and add the following variables (alternatively, if the file exists, un-comment and change the default entries as required):

MOUNTD_PORT="x"

control which TCP and UDP port mountd (rpc.mountd) uses. Replace x with an unused port number.

STATD_PORT="x"

control which TCP and UDP port status (rpc.statd) uses. Replace x with an unused port number.

LOCKD_TCPPORT="x"

control which TCP port nlockmgr (rpc.lockd) uses. Replace x with an unused port number.

LOCKD_UDPPORT="x"

control which UDP port nlockmgr (rpc.lockd) uses. Replace x with an unused port number.

If NFS fails to start, check /var/log/messages. Normally, NFS will fail to start if you specify a port number that is already in use. After editing /etc/sysconfig/nfs restart the NFS service by running the service nfs restart command. Run the rpcinfo -p command to confirm the changes.

To configure a firewall to allow NFS:

  1. Allow TCP and UDP port 2049 for NFS.

  2. Allow TCP and UDP port 111 (portmap/sunrpc).

  3. Allow the TCP and UDP port specified with MOUNTD_PORT="x"

  4. Allow the TCP and UDP port specified with STATD_PORT="x"

  5. Allow the TCP port specified with LOCKD_TCPPORT="x"

  6. Allow the UDP port specified with LOCKD_UDPPORT="x"


Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.