I've set up an nfsv4 server and it's working fine, however the firewall is blocking nfs even if port 2049 and 111 are open.
I know nfs uses some random ports that change at every boot, but how can i make them static so i can use nfs without disabling my firewall again?
I did some more research into this. Ubuntu is using the UFW, which is extremely easy to configure, yet very potent, at least for soho needs. So, the rpc.mountd listens on multiple ports by default thus you have to bind rpc.mountd to one port, then you can add an additional UFW rule to accept incoming connection on that particular port.
To do so, open /etc/default/nfs-kernel-server and comment out the line
RPCMOUNTDOPTS=--manage-gids
and add the following line
RPCMOUNTDOPTS="-p 13025"
13025 is just a randomly selected port, something that is available and isn't already defined in /etc/services.
Restart NFSd with sudo /etc/init.d/nfs-kernel-server restart
Now configure the UFW to accept incoming connections on port 13025, 2049 and port 111.
ufw allow from 192.168.1.0/24 to any port 111
ufw allow from 192.168.1.0/24 to any port 2049
ufw allow from 192.168.1.0/24 to any port 13025
That's it. You should now be able to mount your exports form another machine. :-)
