iptables 允許 NFS 客戶端訪問 NFS 服務器
一、設置固定監聽端口
[root@www ~]# vim /etc/sysconfig/nfs
# Pin the NFS helper RPC services to fixed ports so a firewall can allow them
# by number instead of chasing ports assigned dynamically by the portmapper.
# The INPUT rules for 192.168.0.72 shown later on this page open 7002-7006
# to match these values; keep the two lists in sync when changing either.
# rpc.rquotad (quota service)
RQUOTAD_PORT=7005
# lockd (NLM file locking), same port for TCP and UDP
LOCKD_TCPPORT=7004
LOCKD_UDPPORT=7004
# rpc.mountd
MOUNTD_PORT=7002
# rpc.statd listening port
STATD_PORT=7003
# Port rpc.statd uses as the source of its own outgoing requests
STATD_OUTGOING_PORT=7006
在文件末尾增加以上內容
二、重啓服務
[root@www ~]# /etc/init.d/portmap restart
[root@www ~]# /etc/init.d/nfs restart
三、添加iptables規則
[root@www ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Thu Apr 21 10:16:05 2011
*filter
# All three built-in chains keep an ACCEPT policy; inbound filtering relies on
# the state-based DROP rule at the end of INPUT.
# NOTE(review): a packet matching none of the INPUT rules falls through to the
# ACCEPT policy, so a DROP policy on INPUT would fail closed. Confirm console
# access before changing the policy on a remote host.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9261:4628978]
# Accept packets belonging to, or related to, connections already tracked.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept everything arriving on the loopback interface.
-A INPUT -i lo -j ACCEPT
# HTTP, open to any source address.
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# NFS over TCP, limited to the single client 192.168.0.72:
# 7002-7006 are the fixed ports set in /etc/sysconfig/nfs, 2049 is nfsd,
# 111 is the portmapper.
# NOTE(review): 7006 is STATD_OUTGOING_PORT, a source port for statd's own
# requests; replies to those likely match the RELATED,ESTABLISHED rule already,
# so the inbound 7006 rules may be unnecessary. Verify before removing.
# NOTE(review): -s only filters on the claimed source address and does not
# authenticate the client; /etc/exports (not shown on this page) should
# restrict the export to the same host.
-A INPUT -s 192.168.0.72 -p tcp -m tcp --dport 7002 -j ACCEPT
-A INPUT -s 192.168.0.72 -p tcp -m tcp --dport 7003 -j ACCEPT
-A INPUT -s 192.168.0.72 -p tcp -m tcp --dport 7004 -j ACCEPT
-A INPUT -s 192.168.0.72 -p tcp -m tcp --dport 7005 -j ACCEPT
-A INPUT -s 192.168.0.72 -p tcp -m tcp --dport 7006 -j ACCEPT
-A INPUT -s 192.168.0.72 -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.0.72 -p tcp -m tcp --dport 111 -j ACCEPT
# The same seven NFS-related ports over UDP, for the same client.
-A INPUT -s 192.168.0.72 -p udp -m udp --dport 7002 -j ACCEPT
-A INPUT -s 192.168.0.72 -p udp -m udp --dport 7003 -j ACCEPT
-A INPUT -s 192.168.0.72 -p udp -m udp --dport 7004 -j ACCEPT
-A INPUT -s 192.168.0.72 -p udp -m udp --dport 7005 -j ACCEPT
-A INPUT -s 192.168.0.72 -p udp -m udp --dport 7006 -j ACCEPT
-A INPUT -s 192.168.0.72 -p udp -m udp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.0.72 -p udp -m udp --dport 111 -j ACCEPT
# SSH, open to any source address.
# NOTE(review): unlike the NFS rules this is not limited by -s; consider
# restricting it to the administration hosts.
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# All ICMP types are accepted from any source.
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
# Host 192.168.0.6 may reach tcp/5666 and udp/161
# (presumably NRPE and SNMP monitoring; confirm).
-A INPUT -s 192.168.0.6 -p tcp -m tcp --dport 5666 -j ACCEPT
-A INPUT -s 192.168.0.6 -p udp -m udp --dport 161 -j ACCEPT
# Drop every remaining packet in state NEW or INVALID. Rules are evaluated in
# order, so all ACCEPT rules must stay above this line.
-A INPUT -m state --state INVALID,NEW -j DROP
COMMIT
# Completed on Thu Apr 21 10:16:05 2011
四、檢查配置（確認輸出中 mountd、status、nlockmgr、rquotad 的端口與第一步設置的固定端口一致）
[root@www ~]# rpcinfo -p localhost