Adjusting firewall on NFS server
For NFSv3 and NFSv4, you’ll need to open ports 2049 for NFS and 111 for RPC. For NFSv3, you’ll also need to set static ports for STATD, MNT, and NLM, and then open those ports on your firewall.
Set the static ports for STATD, MNT, and NLM by editing /etc/nfs.conf:
sudo nano /etc/nfs.conf
Enter the following lines in the applicable sections of /etc/nfs.conf:
[...]
[lockd]
port=32768
udp-port=32768
[...]
[mountd]
port=32767
[statd]
port=32766
outgoing-port=32765
[...]
Restart the NFS service to use the static ports you configured:
sudo systemctl restart nfs-kernel-server
Next, edit the NFS app file for ufw:
sudo nano /etc/ufw/applications.d/nfs
Edit the third line so it looks like this:
ports=111,2049,32765,32766,32767,32768/tcp|111,2049,32765,32766,32767,32768/udp
Save your changes and exit the file. Then, update ufw with the changes you’ve made to the app file and reload ufw:
sudo ufw app update nfs
sudo ufw reload
sudo ufw disable
sudo ufw enable
Use the following command to allow the ports in the nfs app profile, replacing client_ip with your client IP address or subnet:
sudo ufw allow from client_ip to any app nfs
For example:
sudo ufw allow from 192.168.100.0/24 to any app nfs
You can verify your firewall configuration by executing:
sudo ufw status verbose
Confirm that UFW only allows NFS traffic on ports 111, 2049, 32765, 32766, 32767, and 32768 from your client machines in the subnet 192.168.100.0/24:
Status: active
To                          Action      From
--                          ------      ----
111,2049,32765,32766,
32767,32768                 ALLOW       192.168.100.0/24
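A check to run once the static ports and the firewall profile above are in place, as an added example that is not part of the original page: it compares the services registered with rpcbind (the output of rpcinfo -p) against the ports= line of the ufw profile, so an NFSv3 daemon that is still on a dynamic port shows up before clients fail to mount or lock. The helper name unexpected_rpc_ports and the sample rpcinfo output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list RPC services registered on ports the ufw profile misses.

# ports= value from /etc/ufw/applications.d/nfs as set on this page.
UFW_PORTS='111,2049,32765,32766,32767,32768/tcp|111,2049,32765,32766,32767,32768/udp'

# unexpected_rpc_ports SPEC (hypothetical helper name): reads `rpcinfo -p`
# output on stdin, prints "service proto port" for each registration whose
# proto/port pair is not in SPEC. Empty output means everything is covered.
unexpected_rpc_ports() {
    awk -v spec="$1" '
        BEGIN {
            # Expand "p1,p2/tcp|p1,p2/udp" into allowed["tcp/p1"], ...
            n = split(spec, groups, "[|]")
            for (i = 1; i <= n; i++) {
                split(groups[i], parts, "/")
                m = split(parts[1], ports, ",")
                for (j = 1; j <= m; j++) allowed[parts[2] "/" ports[j]] = 1
            }
        }
        # Data rows start with a numeric program number; the header does not.
        $1 ~ /^[0-9]+$/ {
            key = $3 "/" $4
            if (!(key in allowed)) print $5, $3, $4
        }
    ' | sort -u
}

# Constructed sample of `rpcinfo -p` output: statd ("status") is still on
# dynamic ports, as if the [statd] section of /etc/nfs.conf had not applied.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  51234  status
    100024    1   tcp  45123  status
    100005    3   udp  32767  mountd
    100005    3   tcp  32767  mountd
    100003    4   tcp   2049  nfs
    100021    4   udp  32768  nlockmgr
    100021    4   tcp  32768  nlockmgr'

# On the server itself, run: rpcinfo -p | unexpected_rpc_ports "$UFW_PORTS"
printf '%s\n' "$SAMPLE_RPCINFO" | unexpected_rpc_ports "$UFW_PORTS"
```

The statd outgoing-port (32765) is a source port and is not registered with rpcbind, so it never appears in this listing.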