How to Present and Mount an NFS share in RedHat / CentOS

Here is a quick guide on how to present and mount an NFS share in RedHat / CentOS, including the Iptables configuration. By default Iptables blocks the ports required to connect to an NFS server. Although the NFS server mainly uses UDP/TCP ports 111 and 2049, there are other ports that need to be open. The problem is that these ports change on every reboot, which makes it impossible to set a firewall rule for them. If the Iptables ports are not configured correctly, you may get the following error when you run "showmount -e" from another Linux machine:
"clnt_create: RPC: Port mapper failure - Unable to receive: errno 113 (No route to host)"

Presenting an NFS share
yum -y install nfs*
mkdir /nfs
vi /etc/exports
/nfs 192.168.1.0/255.255.255.0(rw,sync,no_root_squash)
chkconfig nfs on
chkconfig rpcbind on
service nfs restart
service rpcbind restart
service iptables stop

From another Linux machine, mount the NFS share
yum -y install nfs*
showmount -e 192.168.1.2
mkdir /mnt/NFS_SHARE
mount 192.168.1.2:/nfs /mnt/NFS_SHARE
df -h

Additional Notes:
We disabled the firewall above to get this to work. Here is how to properly configure the NFS server and configure a firewall rule for it. These steps make sure that the change is persistent across reboots and the ports never change.

Adjust the NFS configuration to use static ports, otherwise the ports will change on every reboot
vi /etc/sysconfig/nfs
Uncomment the below lines and save the file
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
MOUNTD_PORT=892
STATD_PORT=662

Add these rules to your firewall.

iptables -I INPUT -p udp -m state --state NEW -m udp --dport 111 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
iptables -I INPUT -p udp -m state --state NEW -m udp --dport 662 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 662 -j ACCEPT
iptables -I INPUT -p udp -m state --state NEW -m udp --dport 875 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 875 -j ACCEPT
iptables -I INPUT -p udp -m state --state NEW -m udp --dport 892 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 892 -j ACCEPT
iptables -I INPUT -p udp -m state --state NEW -m udp --dport 2049 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 2049 -j ACCEPT
iptables -I INPUT -p udp -m state --state NEW -m udp --dport 32769 -j ACCEPT
iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport 32803 -j ACCEPT

service iptables save
service nfs restart
service rpcbind restart
service iptables restart
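
A check for the steps above, added here as an example and not part of the original post: it reads "rpcinfo -p" output and reports any NFS-related service that is not registered on the static port set in /etc/sysconfig/nfs and opened in the firewall rules. The function name check_rpc_ports and the sample output are constructed for illustration, and port 875 is assumed to be rquotad, which the rules above open without a matching setting being listed.

```sh
#!/bin/sh
# Added example (not from the original post): confirm the NFS helper daemons
# are registered on the static ports this guide pins and opens in iptables.
# Assumption: 875 is rquotad (the post opens 875 but lists no setting for it).

# check_rpc_ports: read `rpcinfo -p` output on stdin, print one line per
# service/protocol registered on an unexpected port, return 1 if any is found.
check_rpc_ports() {
    awk '
        BEGIN {
            bad = 0
            want["portmapper/tcp"] = 111;   want["portmapper/udp"] = 111
            want["status/tcp"]     = 662;   want["status/udp"]     = 662
            want["rquotad/tcp"]    = 875;   want["rquotad/udp"]    = 875
            want["mountd/tcp"]     = 892;   want["mountd/udp"]     = 892
            want["nfs/tcp"]        = 2049;  want["nfs/udp"]        = 2049
            want["nfs_acl/tcp"]    = 2049;  want["nfs_acl/udp"]    = 2049
            want["nlockmgr/tcp"]   = 32803; want["nlockmgr/udp"]   = 32769
        }
        $1 == "program" || NF < 4 { next }           # header or malformed line
        {
            name = (NF >= 5) ? $5 : "program-" $1    # some entries have no name
            key = name "/" $3
            if (seen[key " " $4]++) next             # report each mismatch once
            if (!(key in want)) {
                print "UNKNOWN " key " on port " $4; bad = 1
            } else if ($4 + 0 != want[key]) {
                print "DRIFT " key " on port " $4 " (expected " want[key] ")"; bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample: LOCKD_UDPPORT left commented, so the lockd UDP port is random.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp    662  status
    100024    1   tcp    662  status
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
    100003    3   tcp   2049  nfs
    100021    4   udp  51423  nlockmgr
    100021    4   tcp  32803  nlockmgr'

# On a real server: rpcinfo -p | check_rpc_ports
printf '%s\n' "$SAMPLE_RPCINFO" | check_rpc_ports ||
    echo "static ports not in effect: recheck /etc/sysconfig/nfs and restart nfs"
```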

To mount the NFS share on start up, run the below command
echo "192.168.1.2:/nfs /mnt/NFS_SHARE nfs defaults,_netdev 0 0" >> /etc/fstab

If you add additional shares to the /etc/exports file, run the below command to re-load the file
exportfs -ra
