/etc/sysconfig/nfs
NFS requires portmap, which dynamically assigns ports for RPC services. This causes problems for configuring firewall rules. To overcome this problem, use the /etc/sysconfig/nfs file to control which ports the required RPC services run on.
The /etc/sysconfig/nfs file may not exist by default on all systems. If it does not exist, create it and add the following variables (alternatively, if the file exists, un-comment and change the default entries as required):
MOUNTD_PORT=x - controls which TCP and UDP port mountd (rpc.mountd) uses. Replace x with an unused port number.
STATD_PORT=x - controls which TCP and UDP port status (rpc.statd) uses. Replace x with an unused port number.
LOCKD_TCPPORT=x - controls which TCP port nlockmgr (rpc.lockd) uses. Replace x with an unused port number.
LOCKD_UDPPORT=x - controls which UDP port nlockmgr (rpc.lockd) uses. Replace x with an unused port number.
If NFS fails to start, check /var/log/messages. Normally, NFS will fail to start if you specify a port number that is already in use. After editing /etc/sysconfig/nfs, restart the NFS service by running the service nfs restart command. Run the rpcinfo -p command to confirm the changes.
To configure a firewall to allow NFS:
- Allow TCP and UDP port 2049 for NFS.
- Allow TCP and UDP port 111 (portmap/sunrpc).
- Allow the TCP and UDP port specified with MOUNTD_PORT="x".
- Allow the TCP and UDP port specified with STATD_PORT="x".
- Allow the TCP port specified with LOCKD_TCPPORT="x".
- Allow the UDP port specified with LOCKD_UDPPORT="x".