[pfSense] NFS through pfSense

Michael Schuh michael.schuh at gmail.com
Sun May 13 17:20:07 EDT 2012


2012/5/13 Michael Schuh <michael.schuh at gmail.com>

>
>
> 2012/5/13 Ian Levesque <ian at crystal.harvard.edu>
>
>>
>> On May 13, 2012, at 12:38 PM, William D. Armstrong - BSSN wrote:
>>
>> > I use this to access an NFS Solaris 11 from another interface.
>> >                      DMZ                         LAN
>> > TCP/UDP  172.16.42.10  *  10.0.1.138  111   *  qACK/qOthersHigh  WWW -> SUN Remote Procedure Call
>> > TCP/UDP  172.16.42.10  *  10.0.1.138  1110  *  qACK/qOthersHigh  WWW -> Cluster status info
>> > TCP/UDP  172.16.42.10  *  10.0.1.138  2049  *  qACK/qOthersHigh  WWW -> NFS server daemon
>> > TCP/UDP  172.16.42.10  *  10.0.1.138  4045  *  qACK/qOthersHigh  WWW -> NFS lock daemon manager
>>
>> That's NFSv4, which is certainly much easier to firewall (that was part
>> of their design decision). Prior versions of NFS required use of the
>> portmapper, which is what makes all of this complicated. I know that at my
>> work, our central NAS appliance simply didn't have the feature of
>> specifying static ports for NFSv3 portmapper interactions. So we had to
>> allow based on IP addresses.
>>
>> ~irl
>>
>
> *bump*
> I thought the whole time he would know about:
>
> cat /etc/services| egrep "^.*(rpc.*|portmap|nfs).*$"
> sunrpc 111/tcp portmapper # RPC 4.0 portmapper
> sunrpc 111/udp portmapper
> rpc2portmap 369/tcp
> rpc2portmap 369/udp # Coda portmapper
> courier 530/tcp rpc
> nfs 2049/tcp # Network File System
> nfs 2049/udp # Network File System
>
> and asks for something else....rofl
> Sorry, my bad, but I think it got a funny solution
> (of course with more overhead and more possible error sources - everything
> has its price)
>
>
Ehhh - sorry, forgot to mention to use Google before you contact a support
list
http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=nfs+ports+freebsd

The first result leads exactly to what you searched for. ;-)

-- 
= = =  http://michael-schuh.net/  = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil:  0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o m

= = =  Ust-ID:  DE251072318  = = =
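
An added example, not part of the original thread: the portmapper problem described in the quoted reply can be checked by comparing two `rpcinfo -p` listings taken across a service restart. Services whose ports stay put can get port-based rules like the ones quoted above; the rest need a pinned port or an IP-based rule. The listings are constructed sample data and the function names are this example's own.

```python
"""Compare two `rpcinfo -p` listings to see which RPC services keep their ports."""
from collections import defaultdict

# Constructed sample listing (not from the thread): before a service restart.
SNAPSHOT_BEFORE = """\
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   tcp  38465  mountd
    100005    3   udp  38465  mountd
    100021    4   tcp   4045  nlockmgr
    100021    4   udp   4045  nlockmgr
    100024    1   tcp  51234  status
"""
# Constructed: same host after the restart; mountd and status re-registered elsewhere.
SNAPSHOT_AFTER = SNAPSHOT_BEFORE.replace("38465", "40112").replace("51234", "46001")


def parse_rpcinfo(text):
    """Return {(service, proto): {ports}} from `rpcinfo -p` output."""
    ports = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].isdigit():
            continue  # header or malformed line
        program, _vers, proto, port = fields[:4]
        service = fields[4] if len(fields) > 4 else program  # name column may be absent
        ports[(service, proto)].add(int(port))
    return dict(ports)


def firewall_plan(before, after):
    """Split services into (stable port rules, services whose ports moved)."""
    b, a = parse_rpcinfo(before), parse_rpcinfo(after)
    stable, moving = [], []
    for service, proto in sorted(set(b) | set(a)):
        if b.get((service, proto)) == a.get((service, proto)):
            stable += [(proto, p, service) for p in sorted(b[(service, proto)])]
        else:
            moving.append((service, proto))  # needs an IP-based rule or a pinned port
    return stable, moving


if __name__ == "__main__":
    stable, moving = firewall_plan(SNAPSHOT_BEFORE, SNAPSHOT_AFTER)
    for proto, port, service in stable:
        print(f"{proto}/{port} {service}: port-based rule holds")
    for service, proto in moving:
        print(f"{service}/{proto}: port changed across restart")
```

Two matching snapshots only show that a port did not move this time; a service is reliably firewallable by port only once its port is pinned in the server's configuration.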