firewalld and NFS

[chrisdornan]

I have been trying to configure the CEntOS 7 firewall with no success.

I can export a file system, but not when the firewall is enabled. I started by enabling the rpc-bind and nfs services with firewall-config (both running and permanent configurations) with no success.

The upstream documentation https://access.redhat.com/documentation ... all-config looks suspiciously unchanged from the previous release and does not appear to line up the the /etc/sysconfig/nfs file. Nevertheless I added the mountd and statd port bindings in the nfs configuration files and extended the ports associated with the NFS service in firewall-config and rebooted the system -- still no luck.

(It would be nice to get an aggregated list of the current inbound ports that are unblocked on the firewall -- or even on a zone -- does anybody know how to do this?)

I have given up for now and just disabled the firewall -- which I can work with, but it would be nice to know how to put NFS behind a C7 firewall.

[bertan]

It works okay for me with firewall enabled. See the section "Open firewall" on http://members.shaw.ca/bertan/set-up-nf ... tos-7.html

[chrisdornan]

Thanks @bertan, your notes were clear -- I was missing the "mountd" service in the firewall-config.

Now it is working for me too -- with mounts working across the firewall.