Step 1
To allow NFS clients to access the NFS server, the following services must be enabled:
a] TCP/UDP 111 - RPC 4.0 portmapper
b] TCP/UDP 2049 - NFSD (nfs server)
c] Portmap static ports - Dynamic ports defined in /etc/sysconfig/nfs file.
The port mapper assigns each NFS service a port dynamically at service startup. A port-filtering firewall such as iptables cannot protect ports that change on every start, so the port map services must be given static ports.
Edit /etc/sysconfig/nfs and add the lines below:
# vim /etc/sysconfig/nfs
RQUOTAD_PORT=875
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662
STATD_OUTGOING_PORT=2020
Save the file and restart the services:
# service portmap restart
# service nfs restart
# service rpcsvcgssd restart
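A way to confirm after the restart that the services really registered on the static ports, before any firewall rule is written around them. This is an added example, not part of the original page; the function name find_port_drift, the DRIFT/UNPINNED labels and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that RPC services really sit on the pinned ports.
# Usage on a server: rpcinfo -p > /tmp/rpc.txt
#                    find_port_drift /etc/sysconfig/nfs /tmp/rpc.txt
# Prints DRIFT (wrong port) or UNPINNED (service with no pinned port);
# returns 0 only when every registered service matches.
find_port_drift() {
    awk '
        BEGIN {
            # Fixed ports from the page: portmapper 111, nfsd 2049.
            want["portmapper/tcp"] = want["portmapper/udp"] = 111
            want["nfs/tcp"] = want["nfs/udp"] = 2049
            # nfs_acl is answered by nfsd itself, so it shares 2049.
            want["nfs_acl/tcp"] = want["nfs_acl/udp"] = 2049
        }
        NR == FNR {                      # first file: KEY=VALUE settings
            sub(/#.*/, "")
            if (split($0, kv, "=") != 2) next
            gsub(/[ \t"]/, "", kv[1]); gsub(/[ \t"]/, "", kv[2])
            if (kv[1] == "RQUOTAD_PORT")  want["rquotad/tcp"] = want["rquotad/udp"] = kv[2]
            if (kv[1] == "MOUNTD_PORT")   want["mountd/tcp"] = want["mountd/udp"] = kv[2]
            if (kv[1] == "STATD_PORT")    want["status/tcp"] = want["status/udp"] = kv[2]
            if (kv[1] == "LOCKD_TCPPORT") want["nlockmgr/tcp"] = kv[2]
            if (kv[1] == "LOCKD_UDPPORT") want["nlockmgr/udp"] = kv[2]
            next
        }
        $1 ~ /^[0-9]+$/ && NF >= 5 {     # second file: rpcinfo -p rows
            key = $5 "/" $3
            if (seen[key, $4]++) next    # one report per service/proto/port
            if (!(key in want)) {
                printf "UNPINNED %s port=%s\n", key, $4; bad = 1
            } else if ($4 + 0 != want[key] + 0) {
                printf "DRIFT %s port=%s expected=%s\n", key, $4, want[key]; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample (not from a real host): mountd ignored MOUNTD_PORT.
tmp=$(mktemp -d)
printf 'MOUNTD_PORT=892\nSTATD_PORT=662\n' > "$tmp/nfs"
printf '100005 3 tcp 41234 mountd\n100024 1 udp 662 status\n' > "$tmp/rpc"
find_port_drift "$tmp/nfs" "$tmp/rpc" || echo "static ports are not in effect"
rm -rf "$tmp"
```

Any DRIFT or UNPINNED line means a service is listening on a port the Step 2 rules do not cover, so clients will fail to mount or lock even though the firewall looks correct.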
Step 2
iptables configuration for NFS
# iptables -A INPUT -p tcp --dport 111 -j ACCEPT
# iptables -A INPUT -p udp --dport 111 -j ACCEPT
# iptables -A INPUT -p tcp --dport 2049 -j ACCEPT
# iptables -A INPUT -p tcp --dport 662 -j ACCEPT
# iptables -A INPUT -p udp --dport 662 -j ACCEPT
# iptables -A INPUT -p tcp --dport 875 -j ACCEPT
# iptables -A INPUT -p udp --dport 875 -j ACCEPT
# iptables -A INPUT -p tcp --dport 892 -j ACCEPT
# iptables -A INPUT -p udp --dport 892 -j ACCEPT
# iptables -A INPUT -p tcp --dport 32803 -j ACCEPT
# iptables -A INPUT -p udp --dport 32769 -j ACCEPT
Now save and restart iptables:
# iptables-save > /etc/sysconfig/iptables
or
# service iptables save
# service iptables restart
Alternatively, edit /etc/sysconfig/iptables manually, add the lines below, and restart iptables:
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p udp -m udp --dport 111 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 662 -j ACCEPT
-A INPUT -p udp -m udp --dport 662 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 875 -j ACCEPT
-A INPUT -p udp -m udp --dport 875 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 892 -j ACCEPT
-A INPUT -p udp -m udp --dport 892 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 32803 -j ACCEPT
-A INPUT -p udp -m udp --dport 32769 -j ACCEPT
# service iptables restart