Ask Your Question

How to correct firewalld in Fedora18 to allow NFS access

asked 2013-01-18 08:19:13 -0500

Richard gravatar image

updated 2013-08-26 12:34:03 -0500

ryanlerch gravatar image


We have a Fedora 18 build server for cross compiling for embedded targets. The targets connect to the server via NFS.

If I setup Firewalld via the GUI program to allow NFS, the devices cannot connect to the server. I used a Fedora 17 server, and that connects fine.

What do I need to do to Firewalld to allow NFS connections?

Other information:

  • Devices are assigned IPs through DHCP
  • I have ticked the "nfs" box in the Firewall gui

Thanks, Richard

edit retag flag offensive close merge delete

3 Answers

Sort by ยป oldest newest most voted

answered 2013-01-18 21:33:34 -0500

Akshay gravatar image

Enable the service in the default zone

firewall-cmd --add-service=<service name>

Disable a service in a zone

firewall-cmd [--zone=<zone>] --remove-service=<service>

For More info :

edit flag offensive delete link more


This is not a comment just some random cut from a manual to make point :) Please down vote.

voinageo gravatar imagevoinageo ( 2015-06-22 00:16:33 -0500 )edit

answered 2013-04-25 11:13:13 -0500

deanhunter gravatar image

Here is how I enabled NFS server on Fedora 18:

# Enable NFS server

  systemctl enable nfs-lock.service
  systemctl enable nfs-server.service

  systemctl start  nfs-lock.service
  systemctl start  nfs-server.service

  cat >/etc/firewalld/services/mountd.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
  <description>Mount Lock Daemon</description>
  <port protocol="tcp" port="20048"/>
  <port protocol="udp" port="20048"/>

  cat >/etc/firewalld/services/rpc-bind.xml <<EOD
<?xml version="1.0" encoding="utf-8"?>
  <description>Remote Procedure Call Bind</description>
  <port protocol="tcp" port="111"/>
  <port protocol="udp" port="111"/>

  restorecon /etc/firewalld/services

  firewall-cmd --permanent --zone public --add-service mountd
  firewall-cmd --permanent --zone public --add-service rpc-bind
  firewall-cmd --permanent --zone public --add-service nfs
  firewall-cmd --reload
  firewall-cmd --list-all
edit flag offensive delete link more


Worked for me in Fedora 20, thanks a lot.

Davinken gravatar imageDavinken ( 2014-04-03 13:37:00 -0500 )edit

Thanks, this really helped me, Also Fedora 20. BTW why isn't NFS service correctly configures in firewalld by default?

valentt gravatar imagevalentt ( 2014-05-31 16:14:04 -0500 )edit

deanhunter. Thank you. This also works in OEL 7.1 which allow VMware ESXi 5.5 to use nfs datastore on

Horus gravatar imageHorus ( 2015-04-14 13:04:11 -0500 )edit

I have the exact setup from above on FC22. Problem is I still get something like this: [root@nas2 ~]# showmount -e nas1 rpc mount export: RPC: Unable to receive; errno = No route to host After I disable the firewall on nas1 it works. [root@nas1 etc]# systemctl stop firewalld

There is still some port blocked.

  1. Find the ports that need to be opened: [root@nas1 etc]# rpcinfo -p
  2. Create two services for missing lockd(nlockmgr) and statd (status), add both the UDP and TCP ports
  3. Add the services to the default zone
voinageo gravatar imagevoinageo ( 2015-06-22 00:36:10 -0500 )edit

answered 2013-02-17 02:15:00 -0500

Matty gravatar image

I suspect firewalld is not opening up enough. It allows the nfs port (2049) but what about statd,lockd,mountd and the other companion services -- let alone portmapper!

edit flag offensive delete link more

Question Tools


Asked: 2013-01-18 08:19:13 -0500

Seen: 19,501 times

Last updated: Aug 26 '13