Firewall open ports for NFS

For better NFS security you should use firewall, however many folks experience a lot of problems if they are running NFS behind the firewall. Below, we have compiled the required ports (default) that you need to open in your firewall to let NFS traffic pass:

You can check out “listening” ports with rpcinfo -p command:

   program vers proto   port
100000    2   tcp    111  portmapper
100000    2   udp    111  portmapper
100024    1   udp  14758  status
100024    1   tcp  29024  status
100021    1   udp  55776  nlockmgr
100021    3   udp  55776  nlockmgr
100021    4   udp  55776  nlockmgr
100021    1   tcp  11796  nlockmgr
100021    3   tcp  11796  nlockmgr
100021    4   tcp  11796  nlockmgr
100003    2   tcp   2049  nfs
100003    3   tcp   2049  nfs
100003    4   tcp   2049  nfs
100003    2   udp   2049  nfs
100003    3   udp   2049  nfs
100003    4   udp   2049  nfs
100005    1   udp  21081  mountd
100005    1   tcp  47089  mountd
100005    2   udp  21081  mountd
100005    2   tcp  47089  mountd
100005    3   udp  21081  mountd
100005    3   tcp  47089  mountd

Required open ports:

TCP: 111, 29024, 11796, 2049, 47089
UDP: 111, 14758, 55776, 2049, 21081


Leave a Reply