[pfSense] NFS through pfSense

Ian Levesque ian at crystal.harvard.edu
Sun May 13 13:13:20 EDT 2012


On May 13, 2012, at 12:38 PM, William D. Armstrong - BSSN wrote:

> I use this to access NFS on Solaris 11 from another interface.
>          DMZ              LAN
> TCP/UDP  172.16.42.10  *  10.0.1.138  111   *  qACK/qOthersHigh  WWW -> SUN Remote Procedure Call
> TCP/UDP  172.16.42.10  *  10.0.1.138  1110  *  qACK/qOthersHigh  WWW -> Cluster status info
> TCP/UDP  172.16.42.10  *  10.0.1.138  2049  *  qACK/qOthersHigh  WWW -> NFS server daemon
> TCP/UDP  172.16.42.10  *  10.0.1.138  4045  *  qACK/qOthersHigh  WWW -> NFS lock daemon manager

That's NFSv4, which is certainly much easier to firewall (that was part of their design decision). Prior versions of NFS required use of the portmapper, which is what makes all of this complicated. I know that at my work, our central NAS appliance simply didn't have the feature of specifying static ports for NFSv3 portmapper interactions. So we had to allow based on IP addresses.

~irl 
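
An added example, not part of the original messages: it checks the services a server registers with the portmapper against the four destination ports in the quoted rule set, which is the gap that makes NFSv3 hard to firewall by port. The `rpcinfo -p` listing is constructed sample data, and the mountd and status port numbers in it are assumptions.

```python
# Constructed `rpcinfo -p` output, not captured from a real host.
SAMPLE_RPCINFO = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   tcp  20048  mountd
    100005    3   udp  20048  mountd
    100021    4   tcp   4045  nlockmgr
    100021    4   udp   4045  nlockmgr
    100024    1   tcp  51389  status
    100024    1   udp  38712  status
"""

# Destination ports opened by the rule set quoted in the thread.
ALLOWED_PORTS = {111, 1110, 2049, 4045}


def parse_rpcinfo(text):
    """Return a set of (service, proto, port) tuples from `rpcinfo -p` output."""
    entries = set()
    for line in text.splitlines():
        fields = line.split()
        # Data rows: program, version, proto, port and an optional service name.
        if len(fields) < 4 or not fields[0].isdigit():
            continue  # header or blank line
        service = fields[4] if len(fields) > 4 else fields[0]
        entries.add((service, fields[2], int(fields[3])))
    return entries


def uncovered(entries, allowed_ports):
    """Registered RPC endpoints that the static port rules would not pass."""
    return sorted(e for e in entries if e[2] not in allowed_ports)


if __name__ == "__main__":
    gaps = uncovered(parse_rpcinfo(SAMPLE_RPCINFO), ALLOWED_PORTS)
    for service, proto, port in gaps:
        print(f"not covered by firewall rules: {service} {proto}/{port}")
```

Services that show up here either need a static port configured on the server or, where the server cannot do that, an allow rule keyed on IP address instead of port.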

