Security

How to Open Firewall for NFS Share in Linux

NFS is a distributed file system protocol that lets users mount remote files and directories on their systems. It works in a client-server environment where the server shares part of its file system and clients access the shared files and directories. It lets the client view and store their files on a remote system as if they were on their system.

This guide will describe how to open a firewall for NFS share in Linux OS. Remember, you will need sudo privilege to allow/block any connection in the Linux firewall.

Open Firewall for NFS share

When you install an NFS server, you have to allow connections from the clients to the NFS server. NFS listens on TCP port 2049. By default, the firewall blocks the incoming connections to port 2049. Therefore, you will have to configure the firewall on your NFS server to allow incoming connections to this port.

For Ubuntu/Debian/Mint

Ubuntu ships with a default firewall utility known as ufw, which manages the incoming and outgoing requests.

To verify if ufw is running or not, issue the command below in your terminal prompt:

$ sudo ufw status

If the firewall is active, you should see the Status: active in the output. Also, it will list the pre-configured rules, if any.

In ufw, you can open a port by its port number or the application name. For instance, to open port 2049 on your NFS server, you can use the command below in your Terminal prompt:

$ sudo ufw allow nfs

To verify if the rule has been added, issue the command below in the Terminal:

$ sudo ufw status

You should see the rule added in the output.

For CentOS/Fedora/Redhat/OpenSUSE

This method is for the Linux distributions using the firewalld firewall in their systems. Firewalld firewall can be managed through the firewall-cmd utility.

To verify if firewalld is running, issue the command below in your Terminal prompt:

$ sudo firewall-cmd --state

In order to open port 2049 on your NFS server, use the command below in your Terminal prompt:

$ sudo firewall-cmd --permanent --add-port=2049/tcp

The —permanent option in the above command indicates that the rule will be added to the permanent configurations. This command will add the rule in the default zone of your firewall. To see which zone is currently configured as the default, you can use the below command in Terminal:

$ firewall-cmd --get-default-zone

You will see the output like this showing you the default zone, which in our case is public.

After permanently adding the rules, you will need to reload the firewall to test if the rule will remain effective after the system reboot or the firewall service reload:

$ sudo firewall-cmd --reload

Now to verify if the rule has been successfully added, issue the below command in the Terminal:

$ sudo firewall-cmd --permanent --list-ports

The output below verifies that the NFS port 2049 has been allowed in the firewall.

That is all there is to it! By following the procedure shared in this guide, you can easily open a firewall for NFS share in Linux OS. Now client systems can easily access the shared directories.

About the author

Karim Buzdar

Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. He blogs at LinuxWays.