OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: jinnicky on May 30, 2018, 05:09:40 pm

Title: nfs access to server above the firewall
Post by: jinnicky on May 30, 2018, 05:09:40 pm
I have a test bed set up on my local network. 

my local network  server1

fire1 wan -->my local net
        lan  -->test1

fire2 wan -->my local net
        lan  --> test2

I'm trying to NFS-mount one of the shares on server1 on each of the test machines. journalctl on server1 shows that the mount request was refused because of an illegal port. The port changes each time I try and is a very high number. The IP address of the request was the WAN IP of my firewall, which is OK. I should be able to have test1 and test2 each access the shared files on server1.

Test1, test2 and server1 are all running Debian stretch

So the question is: What do I have to do to set this up?

I'm very new to OPNsense and BSD. I've been using firewalls for a long time, starting with Smoothwall->IPCop-IPFire.

Title: Re: nfs access to server above the firewall
Post by: bartjsmit on May 30, 2018, 10:13:09 pm
Do you have different subnets or are the firewalls bridged? If routed, do you use NAT?

What does cat /proc/fs/nfsd/versions give you on the NFS server?

Bart...

Title: Re: nfs access to server above the firewall
Post by: jinnicky on May 30, 2018, 10:42:31 pm
cat /proc/fs/nfsd/versions
-2 +3 +4 +4.1 +4.2

The WAN address on fire1 is 192.168.143.125; fire2 and test2 are not powered on.
The LAN address of test1 is 192.168.22.101 (fire1 LAN IP is 192.168.22.1).
Server1 is at 192.168.143.10.

The firewalls are using DHCP to get their WAN IP addresses on the 192.168.143.0/24 network.

Title: Re: nfs access to server above the firewall
Post by: bartjsmit on May 31, 2018, 10:30:29 pm
Set the server and the client to use NFS version 4. This removes the need for random high ports.

Allow 111/TCP, 111/UDP, 2049/TCP, and 2049/UDP through each firewall to the server.

Bart...
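
A pre-flight check for the advice in this thread, added here as an example and not written by any of the posters: it parses the `/proc/fs/nfsd/versions` line to confirm NFSv4 is enabled on the server, and from a client behind the firewall it probes the two TCP ports named above. The script name `nfs4check.sh`, the use of `nc`, and the `EXPORT_PATH` placeholder are assumptions.

```shell
#!/bin/sh
# nfs4check.sh (hypothetical name): added example, not from the forum thread.
# Usage on the NFS server:   sh nfs4check.sh server
# Usage on a test client:    sh nfs4check.sh client 192.168.143.10

# Print the versions marked "+" in a /proc/fs/nfsd/versions line,
# e.g. "-2 +3 +4 +4.1 +4.2" gives "3 4 4.1 4.2".
enabled_versions() {
    out=""
    for tok in $1; do
        case "$tok" in
            +*) out="${out:+$out }${tok#+}" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Succeed if NFSv4 (4, 4.1, 4.2, ...) is among the enabled versions.
nfs_v4_enabled() {
    for v in $(enabled_versions "$1"); do
        case "$v" in
            4|4.*) return 0 ;;
        esac
    done
    return 1
}

# TCP connect probe; assumes netcat (nc) is installed on the client.
tcp_open() { nc -z -w 3 "$1" "$2" >/dev/null 2>&1; }

case "${1:-}" in
    server)
        line=$(cat /proc/fs/nfsd/versions) || exit 1
        echo "enabled NFS versions: $(enabled_versions "$line")"
        nfs_v4_enabled "$line" || { echo "NFSv4 is disabled on this server"; exit 1; }
        ;;
    client)
        server=${2:?usage: $0 client SERVER_IP}
        # Only the TCP ports from the thread are probed; UDP is not checked here.
        for port in 111 2049; do
            if tcp_open "$server" "$port"; then echo "$port/tcp reachable"
            else echo "$port/tcp blocked or closed"; fi
        done
        # EXPORT_PATH is a placeholder; the thread does not name the share.
        echo "then mount with: mount -t nfs -o vers=4 $server:/EXPORT_PATH /mnt"
        ;;
esac
```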