Netgate Discussion Forum

    NFS over VLANs

    General pfSense Questions
      FarmerB3d

      Hi folks,

      I am trying to get NFS to work between different VLANs.

      VLAN1 = Client
      VLAN2 = Server

      When I have a rule allowing any > any it obviously works. showmount shows the exposed shares.
      When I have a rule allowing VLAN1 > VLAN2 allow TCP/UDP on 111 and 2049 it does not work (those are the two ports needed).

      You can see from the sniff below that it negotiates a higher port and then works when I have the any<>any rule.
      How do I set this in a rule in pfSense to allow this?

      VLAN1 is untrusted with IoT devices so I don't want any anything :)

      Working version with any>any
      0dcc477d-af6a-49ea-9912-a115a3403891-image.png

      Non-working version
      fc451996-0722-41b1-ab5b-c5f72082ba27-image.png

      The rule:
      01060487-889c-40fa-b64d-00a9f4e4bf13-image.png

      NFSPorts Alias
      9ed5042f-df7a-4b9a-88d2-e82bfcda9d67-image.png

      Should the upper port be auto-negotiated or something like that?

        kiokoman

        You also need the mountd port.

        Under Ubuntu it's:

        sudo nano /etc/default/nfs-kernel-server
        

        RPCMOUNTDOPTS="--port 12345"

        sudo systemctl restart nfs-kernel-server
        rpcinfo -p | grep "tcp.*mountd"
        

        Open port 12345 on pfSense.

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.
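
Added example (not part of either post): a check that reads `rpcinfo -p` output and lists every registered RPC service whose port is not in the firewall alias, so you can see what still needs pinning before tightening the VLAN1 > VLAN2 rule. It goes beyond mountd to cover any registered service; the sample output and its port numbers are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find RPC registrations whose ports are NOT covered by a
# firewall port alias (111 and 2049, the two ports allowed in the thread).

# Constructed sample of `rpcinfo -p` output from an NFS server where the
# helper daemons are not pinned (port numbers are made up for illustration).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    3   udp  43518  mountd
    100005    3   tcp  50963  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   udp  38142  nlockmgr
    100021    4   tcp  41205  nlockmgr
EOF
}

# uncovered_ports "<space-separated allowed ports>"
# Reads rpcinfo -p output on stdin and prints "service proto port" for each
# registration whose port is not in the allowed list (sorted, de-duplicated).
uncovered_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 && $1 == "program" { next }          # skip the header line
        NF >= 4 && !($4 in ok) {
            # some registrations carry no service name; fall back to the program number
            print (NF >= 5 ? $5 : "program-" $1), $3, $4
        }
    ' | sort -u
}

# On a live server: rpcinfo -p | uncovered_ports "111 2049"
sample_rpcinfo | uncovered_ports "111 2049"
```

An empty result means every registered RPC port is already inside the alias; any line printed is a daemon still on a dynamic port that will change on restart unless it is pinned.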

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.