[pfSense] NFS through pfSense

William D. Armstrong - BSSN biosystems at gmail.com
Sun May 13 17:44:56 EDT 2012


I use NFSv3, and I forgot to say that in the Advanced tab -> Firewall/NAT
I check "IP Do-Not-Fragment compatibility" and uncheck all
reflection check boxes.


- = - = - = - = - = - = - = - = - = -
<----.      Of course it runs         William David Armstrong
<----|==========================   Bio Systems Security Networking
<----'          FreeBSD           MSN / GT  biosystems  gmail . com
 http://biosystems.ath.cx:8080/  http://biosystems.broker.freenet6.net/
--------------------------------------


2012/5/13 Michael Schuh <michael.schuh at gmail.com>:
>
>
> 2012/5/13 Michael Schuh <michael.schuh at gmail.com>
>>
>>
>>
>> 2012/5/13 Ian Levesque <ian at crystal.harvard.edu>
>>>
>>>
>>> On May 13, 2012, at 12:38 PM, William D. Armstrong - BSSN wrote:
>>>
>>> > I use this to access an NFS Solaris 11 from another interface.
>>> >                DMZ               LAN
>>> > TCP/UDP  172.16.42.10  *  10.0.1.138  111   *  qACK/qOthersHigh  WWW -> SUN Remote Procedure Call
>>> > TCP/UDP  172.16.42.10  *  10.0.1.138  1110  *  qACK/qOthersHigh  WWW -> Cluster status info
>>> > TCP/UDP  172.16.42.10  *  10.0.1.138  2049  *  qACK/qOthersHigh  WWW -> NFS server daemon
>>> > TCP/UDP  172.16.42.10  *  10.0.1.138  4045  *  qACK/qOthersHigh  WWW -> NFS lock daemon manager
>>>
>>> That's NFSv4, which is certainly much easier to firewall (that was part
>>> of their design decision). Prior versions of NFS required use of the
>>> portmapper, which is what makes all of this complicated. I know that at my
>>> work, our central NAS appliance simply didn't have the feature of specifying
>>> static ports for NFSv3 portmapper interactions. So we had to allow based on
>>> IP addresses.
>>>
>>> ~irl
>>> _______________________________________________
>>> List mailing list
>>> List at lists.pfsense.org
>>> http://lists.pfsense.org/mailman/listinfo/list
>>
>>
>> *bump*
>> I thought the whole time he would know about:
>>
>> cat /etc/services| egrep "^.*(rpc.*|portmap|nfs).*$"
>> sunrpc 111/tcp portmapper # RPC 4.0 portmapper
>> sunrpc 111/udp portmapper
>> rpc2portmap 369/tcp
>> rpc2portmap 369/udp # Coda portmapper
>> courier 530/tcp rpc
>> nfs 2049/tcp # Network File System
>> nfs 2049/udp # Network File System
>>
>> and asks for something else....rofl
>> sorry, my bad, but I think it got a funny solution
>> (of course with more overhead and more possible error sources - everything
>> has its price)
>>
>
> ehhh - sorry, forgot to mention to use Google before you contact a support
> list
> http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=nfs+ports+freebsd
>
> the first result leads exactly to what you searched for. ;-)
>
> --
> = = =  http://michael-schuh.net/  = = =
> Projektmanagement - IT-Consulting - Professional Services IT
> Michael Schuh
> Postfach 10 21 52
> 66021 Saarbrücken
> phone: 0681/8319664
> mobil:  0175/5616453
> @: m i c h a e l . s c h u h @ g m a i l . c o m
>
> = = =  Ust-ID:  DE251072318  = = =
>
>
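
Added example, not part of any message in this thread: a small check that compares what an NFSv3 server has registered with its portmapper against the destination ports passed by the rule listing quoted above (111, 1110, 2049, 4045). The `rpcinfo -p` output below is constructed sample data; the mountd and status port numbers in it are assumptions chosen for illustration.

```python
# Constructed sample of `rpcinfo -p <nfs-server>` output (not from the thread).
SAMPLE = """\
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    3   udp    111  rpcbind
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   tcp  38465  mountd
    100005    3   udp  38465  mountd
    100021    4   tcp   4045  nlockmgr
    100021    4   udp   4045  nlockmgr
    100024    1   tcp  51234  status
    100024    1   udp  40112  status
"""

# Destination ports passed by the firewall rules quoted in the thread.
PASSED = {111, 1110, 2049, 4045}


def parse_rpcinfo(text):
    """Return {(service, proto): port} parsed from `rpcinfo -p` output."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and blank lines: data rows start with a program number.
        if len(fields) < 4 or not fields[0].isdigit():
            continue
        prog, _vers, proto, port = fields[:4]
        # Some rows carry no service name; fall back to the program number.
        service = fields[4] if len(fields) > 4 else prog
        table[(service, proto)] = int(port)
    return table


def uncovered(table, passed=PASSED):
    """List registered (service, proto, port) entries the rules would block."""
    return sorted((svc, proto, port)
                  for (svc, proto), port in table.items()
                  if port not in passed)


if __name__ == "__main__":
    for svc, proto, port in uncovered(parse_rpcinfo(SAMPLE)):
        print(f"not passed by current rules: {svc} {proto}/{port}")
```

Entries reported here are the portmapper-assigned services that have to be pinned to static ports on the server, or allowed by IP address as one reply describes.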

