Firewalld client share in firewall

hello, hopefully it works with my nearly perfect english :upside_down_face:

i have firewalld running on my pc and would like to enable my linuxbox for satellite tv.

PC 192.168.178.22
Linuxbox 192.168.178.21

how can i share my linuxbox with ip address in the firewalld?
i always had ufw/gufw running. But since my reinstallation I stay with firewalld.

the background is: i have my pc running as nfs server and want to access the nfs directories with my linuxbox. The linuxbox ‘sees’ the PC but I can not open the nfs directories. with the ufw it was relatively simple to share the complete ip address, with firewalld I have no experience
sharing as nfs or nfs3 default does not work. on inquiry in the forum of the linuxbox one said to me, release the box in the firewall. as said, works with ufw perfectly. i have as said no experience with firewalld. i just don’t know how to set an ip4 rule


You can check the box for NFS in firewalld to open the ports used by NFS. More detailed instructions are in the wiki:
https://discovery.endeavouros.com/applications/firewalld/2022/03/

i had these ports open. this does not work. so my question is how to share an ip address

Did you take a look here?
https://wiki.archlinux.org/title/NFS#Firewall_configuration

:point_up: edited!

If opening NFS doesn’t work, something is wrong. You don’t need to also add the IP.

I have created the nfs server according to exactly these instructions.
as soon as I turn off firewalld I also have access to the directories

i have not read this…shame on me.

I will get back to you :laughing:

You definitely don’t want to do that if you are running firewalld. That is if you are using raw iptables.

Yes, but the service (protocol) and ports can be allowed/disallowed in firewalld all the same. No?

Edit:
Silly me, I thought firewalld was using iptables! So wrong!

nftables are being used, instead!

In firewalld, there is literally a checkbox for NFS. You don’t need much else.

❯ rpcinfo -p | grep nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl

open ports on firewalld labeled with nfs are 2049.

the way i understood nftables i can’t share an ip address. If i don’t find a solution i will probably go back to ufw

Did you try checking nfs as well?

It looks like you changed the permanent config, but did you reload it so the runtime config is changed?

i have done everything. tested in runtime, changed to permanent and reloaded every time.

nfs is just tcp port while nfs3 tcp AND udp.
And yes, i checked both

Do you have additional options for opening ports on the Ports tab of the firewalld window?

Try checking the box for rpcbind. I think some clients require that to be open as well.

It is better to add a service than do it that way.

doesn’t work. i will have to work through some rules until i get a release

this is really crazy. i don’t know a way out. with samba or ssl i can communicate without problems with firewalld on.
there must be a way to get the nfs protocol running. i have now released all the rules but unfortunately no success.

since i can’t find a way to share a single ip address i will probably use ufw again.

@swh Have you tried what Dalto suggested?

Of course. i checked mostly every rule then reload firewalld but i have no connection to my pc from my linuxsatbox
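
Added example, not part of the thread and not from any poster: the `rpcinfo -p | grep nfs` output above hides the other RPC programs an NFSv3 client talks to, so this sketch reads full `rpcinfo -p` output and prints one firewalld rich rule per port/protocol that accepts traffic only from the client at 192.168.178.21. The sample listing (apart from the three nfs lines quoted in the thread), the zone name `public` and the function names are assumptions; the script only prints the commands, it does not change the firewall.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` on an NFS server. Only the nfs/nfs_acl
# lines come from the thread; the other ports are made up for illustration.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    3   udp  20048  mountd
    100005    3   tcp  20048  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100227    3   tcp   2049  nfs_acl
    100021    4   tcp  40123  nlockmgr
    100024    1   udp  51234  status
EOF
}

# Read `rpcinfo -p` output on stdin and print one firewall-cmd line per unique
# port/protocol, each accepting traffic only from the given client address.
# $1 = client IPv4 address, $2 = zone (assumption: defaults to "public").
nfs_rich_rules() {
    client=$1
    zone=${2:-public}
    awk -v ip="$client" -v zone="$zone" '
        # Data rows have tcp/udp in column 3 and a numeric port in column 4;
        # the header row fails both checks and is skipped.
        $3 ~ /^(tcp|udp)$/ && $4 ~ /^[0-9]+$/ {
            key = $4 "/" $3
            if (seen[key]++) next        # several versions share one port
            printf "firewall-cmd --permanent --zone=%s --add-rich-rule=\047rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"%s\" accept\047\n", zone, ip, $4, $3
        }
        END { print "firewall-cmd --reload" }'
}

# Dry run against the constructed sample; on a real server pipe `rpcinfo -p` in.
sample_rpcinfo | nfs_rich_rules 192.168.178.21
```

The mountd, nlockmgr and status ports can change when the services restart unless they are pinned in the NFS server configuration, so rules generated this way are only stable once those ports are fixed.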