Linux Iptables Allow NFS Clients to Access the NFS Server

To allow NFS clients to access an NFS server through a Linux firewall using iptables, you will need to open the ports that are used by NFS.

NFS uses the following ports:

  • Port 2049: used for NFS file transfers.
  • Port 111: used for the Portmap service, which maps RPC program numbers to port numbers.

Configure the firewall with the following steps:

  1. Allow incoming connections on ports 2049 and 111:
iptables -A INPUT -p tcp --dport 2049 -j ACCEPT
iptables -A INPUT -p udp --dport 2049 -j ACCEPT
iptables -A INPUT -p tcp --dport 111 -j ACCEPT
iptables -A INPUT -p udp --dport 111 -j ACCEPT
  2. Save the iptables rules:
service iptables save

This will allow incoming connections on the NFS ports, and allow NFS clients to access the NFS server through the firewall.

Note: These steps will allow all incoming connections on the NFS ports. If you want to restrict access to specific IP addresses or subnets, you can use the -s option to specify the source IP address or subnet. For example:

iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 2049 -j ACCEPT

This will allow incoming connections on port 2049 from the 192.168.1.0/24 subnet.

It's a good idea to regularly review and update your firewall rules to ensure that they are secure and up to date. You can use tools such as iptables-save and iptables-restore to manage and back up your firewall rules.
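
One way to carry out that review for the NFS ports is the check below. It is an added example, not part of the original page: it reads rules in iptables-save format and reports INPUT rules that accept port 2049 or 111 without a -s restriction. The function names audit_nfs_rules and sample_rules are assumptions, and the sample rules are constructed.

```shell
#!/bin/sh
# Added example: flag NFS/portmap ACCEPT rules that have no source restriction.
# Reads iptables-save output on stdin, prints "OPEN <proto>/<port>" per finding.
# Limitation (assumption of this sketch): only single --dport rules are parsed;
# multiport rules and negated sources ("! -s") are not evaluated.
audit_nfs_rules() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        src = ""; dport = ""; proto = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s" || $i == "--source") src = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        # A rule is "open" when it accepts an NFS port from any address.
        if (target == "ACCEPT" && (dport == "2049" || dport == "111") &&
            (src == "" || src == "0.0.0.0/0"))
            printf "OPEN %s/%s\n", proto, dport
    }'
}

# Constructed sample in iptables-save format: two rules are limited to
# 192.168.1.0/24, two accept from anywhere.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 2049 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p udp -m udp --dport 111 -j ACCEPT
COMMIT
EOF
}

# Demo run on the constructed sample; reports tcp/2049 and udp/111.
sample_rules | audit_nfs_rules
```

On a live server, pipe the real ruleset in as root: iptables-save | audit_nfs_rules. No output means every matching rule carries a source restriction.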

Created Time:2017-10-16 14:38:52  Author:lautturi