I’m trying to set up an NFS server on ClearLinux. I use Proxmox for virtualisation and its built-in firewall. I’ve opened ports 111 and 2049 for both TCP and UDP in said firewall. When using nmap I can see the open ports 111 and 2049 of that CL system. After restarting the server, I tried to see the mount points with showmount -e, but I received the error message “rpc mount export: RPC: Timed out”.
When I disable the Proxmox firewall entirely, I can see the mount point, which indicates that the services on ClearLinux are running fine. However, I need the Firewall to remain active for security reasons.
I’ve also tried specifying static ports for mountd, statd, and lockd in the /etc/sysconfig/nfs file and opened these ports in the firewall too.
The content of my /etc/sysconfig/nfs file is as follows:
When opening the port 50601/tcp in the Proxmox firewall (it’s really no issue with the firewall) I can see the mount point too. Sadly, the port changes dynamically when rebooting.
TL;DR:
How can I assign a static port for mountd in ClearLinux? (/etc/sysconfig/nfs did not work!)
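The symptom in the question (111 and 2049 open, showmount still timing out) can be confirmed by comparing the ports rpcbind advertises with the firewall allow-list. The script below is an added example, not part of the original posts: the rpcinfo -p sample is constructed (only 50601/tcp appears in the post) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report RPC services that rpcbind advertises on ports
# the firewall allow-list does not cover.

# Constructed sample of `rpcinfo -p` output from an NFSv3 server with
# dynamically assigned helper ports (values are illustrative).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100005    3   udp  41206  mountd
    100005    3   tcp  50601  mountd
    100021    4   tcp  37111  nlockmgr
    100024    1   tcp  45327  status
EOF
}

# blocked_rpc_ports "<allowed ports>"  (reads rpcinfo -p text on stdin)
# Prints one "service port/proto" line per registration whose port is
# not in the space-separated allow-list, with duplicates removed.
blocked_rpc_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Data rows have a numeric port in column 4; this skips the header.
        NF >= 4 && $4 ~ /^[0-9]+$/ && !($4 in ok) {
            svc = (NF >= 5) ? $5 : "program-" $1   # rows may lack a name
            key = svc " " $4 "/" $3
            if (!(key in seen)) { seen[key] = 1; print key }
        }
    '
}

# On a live server: rpcinfo -p | blocked_rpc_ports "111 2049"
sample_rpcinfo | blocked_rpc_ports "111 2049"
```

Every line it prints is a service that needs either a fixed port plus a matching firewall rule, or to be avoided altogether.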
I have not used NFS for a long time, but I just performed a man page display. It appears you can set the port of the services in /etc/fstab and the settings should be sticky. Here are the options:
Options for NFS versions 2 and 3 only

Use these options, along with the options in the above subsection, for NFS versions 2 and 3 only.

proto=netid
    The netid determines the transport that is used to communicate with the NFS server. Available options are udp, udp6, tcp, tcp6, rdma, and rdma6. Those which end in 6 use IPv6 addresses and are only available if support for TI-RPC is built in. Others use IPv4 addresses.

    Each transport protocol uses different default retrans and timeo settings. Refer to the description of these two mount options for details.

    In addition to controlling how the NFS client transmits requests to the server, this mount option also controls how the mount(8) command communicates with the server's rpcbind and mountd services. Specifying a netid that uses TCP forces all traffic from the mount(8) command and the NFS client to use TCP. Specifying a netid that uses UDP forces all traffic types to use UDP.

    Before using NFS over UDP, refer to the TRANSPORT METHODS section.

    If the proto mount option is not specified, the mount(8) command discovers which protocols the server supports and chooses an appropriate transport for each service. Refer to the TRANSPORT METHODS section for more details.

udp
    The udp option is an alternative to specifying proto=udp. It is included for compatibility with other operating systems.

    Before using NFS over UDP, refer to the TRANSPORT METHODS section.

tcp
    The tcp option is an alternative to specifying proto=tcp. It is included for compatibility with other operating systems.

rdma
    The rdma option is an alternative to specifying proto=rdma.

port=n
    The numeric value of the server's NFS service port. If the server's NFS service is not available on the specified port, the mount request fails.

    If this option is not specified, or if the specified port value is 0, then the NFS client uses the NFS service port number advertised by the server's rpcbind service. The mount request fails if the server's rpcbind service is not available, the server's NFS service is not registered with its rpcbind service, or the server's NFS service is not available on the advertised port.

mountport=n
    The numeric value of the server's mountd port. If the server's mountd service is not available on the specified port, the mount request fails.
If this does not work, the settings might have to be set via custom rules set via the /etc/systemd/… for the nfs service. I would look at what is done on Ubuntu to address this issue.
The syntax and file names you are trying to use for configuration could be no longer valid. You can look in the /run or /var directory for the syntax of how your device is set up. Do not modify these files; they are set up by the operating system, but they are configuration files with the correct syntax.
ls -l /run/nfs/
total 0
-rw-r--r-- 1 root root 0 Dec 22 18:04 etab
-rw-r--r-- 1 root root 0 Dec 22 18:04 rmtab
drwx------ 2 root root 40 Dec 22 18:04 sm
drwx------ 2 root root 40 Dec 22 18:04 sm.bak
-rw------- 1 root root 0 Dec 22 18:04 state
-rw-r--r-- 1 root root 0 Dec 22 18:04 xtab
-o, --outgoing-port port
    Specifies the source port number the sm-notify command should use when sending reboot notifications. See sm-notify(8) for details.

-p, --port port
    Specifies the port number used for RPC listener sockets. If this option is not specified, rpc.statd chooses a random ephemeral port for each listener socket.

    This option can be used to fix the port value of its listeners when SM_NOTIFY requests must traverse a firewall between clients and servers.
Save the changes and close the text editor.
Step 2: Configure the rpc.mountd Service
Open the NFS server (nfs-mountd.service) service file: