NFS Client (ESXi) on LAN, NFS Server on WAN
-
Howdy! I am researching the possibility of using remote NFS with ESXi as a possible external datastore. My ESXi test host is on my LAN (behind pfSense) and I have built an Ubuntu 18.04 LTS NFS Server directly on the WAN with UFW disabled (just for the test).
I have pfSense NAT from any (*) to my ESXi LAN IP 192.168.100.101 for TCP/UDP ports 2049 and 111 - ESXi uses NFS TCP only:
Rules

| Interface | Protocol | Source Address | Source Ports | Dest. Address | Dest. Ports | NAT IP | NAT Ports | Description |
|---|---|---|---|---|---|---|---|---|
| WAN | TCP/UDP | * | * | WAN address | 2049 | 192.168.100.101 | 2049 | NFS Test |
| WAN | TCP/UDP | * | * | WAN address | 111 | 192.168.100.101 | 111 | NFS Test |
| WAN | ICMP | * | * | WAN address | * | 192.168.100.101 | * | NFS Test |
I have tried using this same NFS Server on the LAN and it mounts fine. When I use it on the WAN, no luck. I have even tried Disable Firewall Scrub on pfSense with no success.
Just FYI, here's my /etc/exports, I use (*) so there should be no problem:
/nfs/STORAGE1 *(rw,async,no_root_squash,no_subtree_check)
Theory: The ESXi is identifying itself to the NFS server using its LAN IP, which the NFS server tries to respond to. This works great if the NFS server is on the LAN, but not on the WAN.
THX for any input!
-John
-
From LAN to LAN there is no firewall involved.
NFS needs another port;
check the option
RPCMOUNTDOPTS="--port 34567"
I don't think you need a NAT port forward. It's the client that initiates the connection; the server should be able to answer back. Make a rule that blocks and logs so you can see what's happening.
-
@kiokoman thanks for the reply!
I have it working perfectly from LAN to LAN.
When I place the same server directly on a WAN IP address, with UFW disabled on the NFS server, I cannot mount it from my ESXi host which is on the LAN.
-J
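
Added example, not part of any post in the thread: kiokoman's reply says NFS needs a port besides 2049 and 111 and points at `RPCMOUNTDOPTS="--port 34567"`. Run on the NFS server, the function below reads `rpcinfo -p` output and lists every registered service whose port is outside the set the firewall rules cover. The function names, the sample listing and its dynamic port numbers are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output on an NFS server where mountd
# has not been pinned (52817, 47012 and 39455 are made-up dynamic ports).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100005    1   udp  47012  mountd
    100005    1   tcp  52817  mountd
    100005    3   tcp  52817  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   tcp  39455  nlockmgr
    100021    4   tcp  39455  nlockmgr
EOF
}

# rpc_ports_outside ALLOWED [PROTO]
#   Reads `rpcinfo -p` output on stdin.
#   ALLOWED: comma-separated ports the firewall rules cover, e.g. "111,2049".
#   PROTO:   tcp (default, since the ESXi client in the thread is TCP only) or udp.
#   Prints one "service port" line per registered service on another port.
rpc_ports_outside() {
    awk -v allowed="$1" -v proto="${2:-tcp}" '
        BEGIN {
            n = split(allowed, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # The header row never matches because its third column is "proto".
        $3 == proto && !($4 in ok) {
            # Programs without a registered name have an empty fifth column.
            name = ($5 == "" ? "prog-" $1 : $5)
            key = name "/" $4
            # Several versions share one port; report each pair once.
            if (!(key in seen)) { seen[key] = 1; print name, $4 }
        }
    '
}

# Usage on the server:  rpcinfo -p | rpc_ports_outside "111,2049"
```

With the sample above and only 111 and 2049 covered, mountd shows up on a port that changes across restarts; once it is pinned to 34567 and that port is added to the list, it drops out of the report.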