NFS Client (ESXi) on LAN, NFS Server on WAN

unsichtbarre

Howdy! I am researching the possibility of using remote NFS with ESXi as a possible external datastore. My ESXi test host is on my LAN (behind pfSense) and I have built an Ubuntu 18.04LTS NFS Server directly on the WAN with UFW disabled (just for the test).

I have pfSense NAT from any (*) to my ESXi LAN IP 192.168.100.101 for TCP/UDP ports 2049 and 111 - ESXi uses NFS TCP only:

Rules
			Interface	Protocol	Source Address	Source Ports	Dest. Address	Dest. Ports	NAT IP	NAT Ports	Description	Actions
			WAN        	TCP/UDP	*	*	WAN address                  	2049	192.168.100.101	2049	NFS Test	  
			WAN        	TCP/UDP	*	*	WAN address                   	111	192.168.100.101	111	NFS Test	  
			WAN        	ICMP	*	*	WAN address                   	*	192.168.100.101	*	NFS Test	  

I have tried using this same NFS Server on the LAN and it mounts fine. When I use it on the WAN, no luck. I have even tried Disable Firewall Scrub on pfSense with no success.

Just FYI, here's my /etc/exports, I use (*) so there should be no problem:

/nfs/STORAGE1   *(rw,async,no_root_squash,no_subtree_check)

Theory: The ESXi is identifying itself to the NFS server using its LAN IP, which the NFS server tries to respond to. This works great if the NFS server is on the LAN, but not on the WAN.

THX for any input!
-John

kiokoman

from LAN to LAN there is no firewall involved,
nfs need another port
check the option
RPCMOUNTDOPTS="--port 34567"

i don't think you need a nat port forward, it's the client that initiate the connection, the server should be able to answer back, make a rule that block and log so you can see what's happening

unsichtbarre

@kiokoman thanks for the reply!

I have it working perfectly from LAN to LAN.

When I place the same server directly on a WAN IP address, with UFW disabled on the NFS server, I cannot mount it from my ESXi host which is on the LAN.

-J