We have set up iptables, which allows TCP/UDP ports 111, 2049, 32769, 32803 and 892.
I made the following changes in /etc/sysconfig/nfs:
RPCMOUNTDOPTS="-p 892"
and
/etc/sysctl.conf
fs.nfs.nlm_tcpport=32803
fs.nfs.nlm_udpport=32769
as given in the Red Hat documentation for running NFS behind a firewall on Red Hat/CentOS 7.
Still, NFS is not binding to the provided ports and takes random ports, which prevents any client from connecting to NFS because of iptables. We cannot stop iptables.
I tried the command rpc.mountd -p 892, but it does not seem to work.
Output of rpcinfo -p:
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  46390  status
    100024    1   tcp  38521  status
    100005    1   udp  20048  mountd
    100005    1   tcp  20048  mountd
    100005    2   udp  20048  mountd
    100005    2   tcp  20048  mountd
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100227    3   udp   2049  nfs_acl
    100021    1   udp  40472  nlockmgr
    100021    3   udp  40472  nlockmgr
    100021    4   udp  40472  nlockmgr
    100021    1   tcp  35454  nlockmgr
    100021    3   tcp  35454  nlockmgr
    100021    4   tcp  35454  nlockmgr
Any help regarding this would be appreciated.
Best Answer
Well, /usr/lib/systemd/system/nfs-mountd.service calls rpc.mountd with a $RPCMOUNTDARGS option which differs from RPCMOUNTDOPTS in /etc/sysconfig/nfs.
There's another service called nfs-config.service which preprocesses the NFS configuration and puts its output in /run/sysconfig/nfs-utils, where RPCMOUNTDOPTS translates to RPCMOUNTDARGS.
The nfs.service, though, does not call nfs-config again when a stop/start or restart is used, so the config from /etc/sysconfig/nfs does not update /run/sysconfig/nfs-utils.
The solution is simple: run 'systemctl restart nfs-config' before restarting nfs.service.
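
A check for the symptom discussed in this thread, added here as an example and not taken from the question or the answer: it reads rpcinfo -p output and lists every RPC registration whose port is outside the set opened in iptables. The function names are made up for this example; the allowed ports and the sample rows come from the question.

```shell
#!/bin/sh
# Ports opened in iptables, as listed in the question.
ALLOWED_PORTS="111 2049 32769 32803 892"

# Read `rpcinfo -p` output on stdin and print one "service/proto port" line
# for each registration whose port is not in ALLOWED_PORTS.
# Several RPC versions on the same port are reported once.
unpinned_rpc_ports() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Skip the header line and anything that is not a 5-column data row.
        NF == 5 && $1 ~ /^[0-9]+$/ && $4 ~ /^[0-9]+$/ {
            key = $5 "/" $3 " " $4
            if (!($4 in ok) && !(key in seen)) { seen[key] = 1; print key }
        }'
}

# Sample input: rows copied from the rpcinfo -p output in the question (abridged).
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100024    1   udp  46390  status
    100024    1   tcp  38521  status
    100005    1   udp  20048  mountd
    100005    1   tcp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    4   tcp   2049  nfs
    100021    4   udp  40472  nlockmgr
    100021    4   tcp  35454  nlockmgr
EOF
}

# Demo on the sample rows; on a live server pipe in the real output instead:
#   rpcinfo -p | unpinned_rpc_ports
sample_rpcinfo | unpinned_rpc_ports
```

On the server, run it after restarting nfs-config and then nfs; empty output means every registered service sits on a port the firewall allows. On the question's output it also reports the status rows, which are on ports outside the allowed list.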