Showing results for 
Search instead for 
Did you mean: 

Passing NFS Mounts through the firewall?

Unix envronment on both sides of the firewall ...

   trying to pass NFS mount acros the firewall ...

   seems like I should just have to open ports for NFS (proxy) and SunRPC (proxy) from one side of teh firewall to the other ..

   but get "RPC call error" on the host behind the firewall.

I can see sunRPC sending out to the get the mount point,

   I can see sunRPC sending out a query to using port 2049 (shouldn't that be an NFS request, not a SUnRPC request?) ...

   but not seeing any responses coming back in the audit logs

anybody got NFS working across your firewall?  Thanks.

3 Replies
Level 14
Report Inappropriate Content
Message 2 of 4

Re: Passing NFS Mounts through the firewall?


When you say you can 'see' these things, are you looking in the audit or in tcpdumps?

The firewall does not audit every single packet, so if you see a packet in the audit but don't see a reply packet in the audit that's not a concern, necessarily

If you are looking at tcpdumps on the firewall and you see a packet come in, traverse the firewall, leave the firewall, but no reply comes back, then you have an issue somewhere else on your network.  If you see packets go through the firewall and a reply comes back to one side of the firewall but doesn't go back out the other side, then the firewall could be at fault (or it's routing the packet somewhere else, i.e. not out the interface you're doing a tcpdump on).

I would take tcpdumps on the incoming and outgoing interfaces of the firewall.  Does each packet that comes in leave the other side of the firewall?  Do responses come back?

Re: Passing NFS Mounts through the firewall?

Doh!  I was looking in the audit reports ... will try tcpdump tomorrow.  Thanks for the reminder!  (Been several weeks since I last worked in the firewall and , I swear, you gotta practically retriain me after that long!)

Level 10
Report Inappropriate Content
Message 4 of 4

Re: Passing NFS Mounts through the firewall?

Don't forget that you can take packet captures in the UI (Admin Console and ControlCenter).