By default, some server-side NFS services use well-known ports, while others normally use random ports. Random ports do not work well with strict firewall rules, which block any port that is not known in advance. So, sometimes it is best to manually assign static ports to the server-side NFS services.
This post describes how to configure NFS services (server-side) to run on static ports as an alternative.
Overview
NFS services (server-side) include:
- NLM (NFS lock manager or in-kernel lockd)
- rpc.mountd
- rpc.nfsd
- rpc.rquotad
- rpc.statd
Please note lockd and rpc.statd also run on NFS clients. Also, rpc.rquotad is not strictly a part of the NFS family but is used to check quotas on file systems shared by the NFS server and mounted by one or more NFS clients.
With NFSv3, rpc.nfsd interacts with LOCKD/NLM, rpc.mountd, and rpc.statd. With NFSv4, however, all of these interactions are consolidated.
For CentOS/RHEL 5 and 6, the nfs-utils RPM ships /etc/sysconfig/nfs as the main NFS (server-side) configuration file. The static ports for rpc.nfsd and rpc.rquotad default to 2049 and 875, respectively, since they are considered well-known ports. Other NFS services (server-side), such as LOCKD/NLM, rpc.mountd, and rpc.statd, normally just use random ports, but /etc/sysconfig/nfs does offer example port values for reference. The example port values are good enough for most scenarios.
# cat /etc/services
nfs 2049/tcp nfsd shilp # Network File System
nfs 2049/udp nfsd shilp # Network File System
rquotad 875/tcp # rquota daemon
rquotad 875/udp # rquota daemon
# cat /etc/sysconfig/nfs
# TCP port rpc.lockd should listen on.
#LOCKD_TCPPORT=32803
# UDP port rpc.lockd should listen on.
#LOCKD_UDPPORT=32769
# Port rpc.mountd should listen on.
#MOUNTD_PORT=892
# Port rquotad should listen on.
#RQUOTAD_PORT=875
# Port rpc.statd should listen on.
#STATD_PORT=662
# Outgoing port statd should used. The default is port
# is random
#STATD_OUTGOING_PORT=2020
Examples of configuring /etc/sysconfig/nfs
To specify LOCKD/NLM to use free static ports, you just uncomment LOCKD_TCPPORT and LOCKD_UDPPORT to set the new port values, then restart the nfs service or the nfslock service.
LOCKD_TCPPORT=32803
LOCKD_UDPPORT=32769
To specify rpc.mountd to use a free static port, you just uncomment MOUNTD_PORT to set the new port value, then restart the nfs service.
MOUNTD_PORT=892
To specify rpc.nfsd to use a free static port other than 2049, you just uncomment RPCNFSDARGS to add the new port value, then restart the nfs service.
RPCNFSDARGS="-p 20499"
To specify rpc.rquotad to use a free static port other than 875, you just uncomment RQUOTAD_PORT to set the new port value, then restart the nfs service.
RQUOTAD_PORT=8755
To specify rpc.statd to use free static ports, you just uncomment STATD_PORT and STATD_OUTGOING_PORT to set the new port values, then restart the nfslock service.
STATD_PORT=662
STATD_OUTGOING_PORT=2020
Service Control
Restart the nfs service:
# service nfs restart
Restart the nfslock service:
# service nfslock restart
Verification:
# rpcinfo -p
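The rpcinfo -p check can be scripted so that a service still on a random port is caught before the firewall rules are tightened. The following is an added example, not part of the original post: the function name check_nfs_ports and the sample rpcinfo output are constructed, and the expected ports are the example values from /etc/sysconfig/nfs shown above.

```shell
#!/bin/sh
# Added example: compare `rpcinfo -p` registrations with the static ports
# chosen in /etc/sysconfig/nfs. Keys are "<rpcinfo service name>/<proto>";
# rpcinfo lists lockd as "nlockmgr" and rpc.statd as "status".
EXPECTED="nlockmgr/tcp=32803 nlockmgr/udp=32769 mountd/tcp=892 mountd/udp=892 \
status/tcp=662 status/udp=662 rquotad/tcp=875 rquotad/udp=875 \
nfs/tcp=2049 nfs/udp=2049"

# Reads `rpcinfo -p` output on stdin. Prints one MISMATCH line per service
# registered on a port other than the expected one and returns 1 if any were
# found. Services that are not registered at all are ignored.
check_nfs_ports() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) {
                split(pairs[i], kv, "=")
                want[kv[1]] = kv[2]
            }
        }
        $1 == "program" { next }              # skip the header line
        {
            key = $5 "/" $3                   # e.g. "mountd/tcp"
            if ((key in want) && $4 != want[key] && !((key, $4) in reported)) {
                printf "MISMATCH %s on port %s, expected %s\n", key, $4, want[key]
                reported[key, $4] = 1         # one line per service/port pair
                bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Constructed sample output: mountd/tcp is still on a random port.
SAMPLE='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100024    1   udp    662  status
    100024    1   tcp    662  status
    100011    1   udp    875  rquotad
    100003    3   tcp   2049  nfs
    100021    4   udp  32769  nlockmgr
    100021    4   tcp  32803  nlockmgr
    100005    3   udp    892  mountd
    100005    3   tcp  40123  mountd'

# On a live server: rpcinfo -p | check_nfs_ports
printf '%s\n' "$SAMPLE" | check_nfs_ports || echo "static port check failed"
```

STATD_OUTGOING_PORT is not covered because rpcinfo only lists the ports services listen on.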