Firewalld client share in firewall

I wanted to suggest adding the ports, as listed in the Arch-Wiki link. But Dalto said it wasn’t good (or better go with Services). But when Services don’t suffice, I’d at least give it a try.

You can do it with a rich rule:


I don't know the ports exactly. With ufw it's super easy. I give permission by IP from my linuxsatbox and everything works. The rule nfs is 2049 but that doesn't work. In my opinion, there is no point in adding exactly that port.
I'm running NFSv4, so the Arch wiki says exactly give port 2049 free. No other port opening should be required:

@dalto you are my hero for today… that's it. Thanks so much!

Edit: as simple as ufw if you know the way :wink:


firewalld learning by doing


NFS also needs port 111 - rpc-bind.

Tried that too. Doesn't work. That's why I wanna make a rich rule for IP.

Ah yes, just remembered it also needs mountd.

I tried a lot of rules. rpc-bind AND nfs3 plus mountd. Nothing worked. The linuxsatbox couldn't find the NFS directories on my PC. Now it works with the rich rule.
But thanks anyway. Maybe I will try that solution another time :wink:


I needed nfs3 on my server, not nfs4.

FWIW, here’s what worked for me:

```
$ firewall-cmd --zone="public" --add-service=nfs
...
$ firewall-cmd --zone="public" --add-service=nfs3
...
$ firewall-cmd --zone="public" --add-port=111/tcp
...
$ firewall-cmd --zone="public" --add-port=20048/tcp
...
$ firewall-cmd --info-zone="public"
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client nfs nfs3 ssh
  ports: 20048/tcp 111/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```
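
The zone listing above opens the NFS services and ports to every source in the `public` zone, while the earlier fix in the thread was a rich rule limited to one client IP. The following is an added example, not code from any poster in this thread: it reads `--info-zone` output and prints (without applying) the commands that would replace each zone-wide NFS opening with a source-restricted rich rule. The function names, the client address `192.0.2.10` and the IPv4 assumption are placeholders chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example. 192.0.2.10 is a constructed placeholder client (TEST-NET-1).

# Constructed sample input: trimmed `firewall-cmd --info-zone=public` output
# in the same shape as the listing posted above.
sample_zone_info() {
cat <<'EOF'
public
  target: default
  sources:
  services: dhcpv6-client nfs nfs3 ssh
  ports: 20048/tcp 111/tcp
  rich rules:
EOF
}

# Usage: firewall-cmd --info-zone=ZONE | nfs_rich_rules ZONE CLIENT_IP
# Prints commands only. Each rich rule is added before the matching zone-wide
# entry is removed, so the client keeps access while the rules are swapped.
nfs_rich_rules() {
  awk -v zone="$1" -v ip="$2" '
    BEGIN {
      # NFS-related service names and ports mentioned in the thread
      svc["nfs"]; svc["nfs3"]; svc["mountd"]; svc["rpc-bind"]
      port["111/tcp"]; port["111/udp"]; port["2049/tcp"]
      port["20048/tcp"]; port["20048/udp"]
    }
    $1 == "services:" { for (i = 2; i <= NF; i++) if ($i in svc) {
      printf "firewall-cmd --zone=%s --add-rich-rule=\047rule family=\"ipv4\" source address=\"%s\" service name=\"%s\" accept\047\n", zone, ip, $i
      printf "firewall-cmd --zone=%s --remove-service=%s\n", zone, $i } }
    $1 == "ports:" { for (i = 2; i <= NF; i++) if ($i in port) {
      split($i, p, "/")
      printf "firewall-cmd --zone=%s --add-rich-rule=\047rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"%s\" accept\047\n", zone, ip, p[1], p[2]
      printf "firewall-cmd --zone=%s --remove-port=%s\n", zone, $i } }
  '
}

# Demo on the constructed sample; ssh and dhcpv6-client are left untouched.
sample_zone_info | nfs_rich_rules public 192.0.2.10
```

The printed commands change the runtime configuration only; `firewall-cmd --runtime-to-permanent` keeps them across a reload once the client has been confirmed to mount the share.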
