Netgate Discussion Forum

    NFS Client (ESXi) on LAN, NFS Server on WAN

      unsichtbarre

      Howdy! I am researching the possibility of using remote NFS with ESXi as a possible external datastore. My ESXi test host is on my LAN (behind pfSense) and I have built an Ubuntu 18.04LTS NFS Server directly on the WAN with UFW disabled (just for the test).

      I have pfSense NAT from any (*) to my ESXi LAN IP 192.168.100.101 for TCP/UDP ports 2049 and 111 - ESXi uses NFS TCP only:

      Rules
      Interface  Protocol  Source Address  Source Ports  Dest. Address  Dest. Ports  NAT IP           NAT Ports  Description
      WAN        TCP/UDP   *               *             WAN address    2049         192.168.100.101  2049       NFS Test
      WAN        TCP/UDP   *               *             WAN address    111          192.168.100.101  111        NFS Test
      WAN        ICMP      *               *             WAN address    *            192.168.100.101  *          NFS Test
      

      I have tried using this same NFS Server on the LAN and it mounts fine. When I use it on the WAN, no luck. I have even tried Disable Firewall Scrub on pfSense with no success.

      Just FYI, here's my /etc/exports, I use (*) so there should be no problem:

      /nfs/STORAGE1   *(rw,async,no_root_squash,no_subtree_check)
      

      Theory: The ESXi is identifying itself to the NFS server using its LAN IP, which the NFS server tries to respond to. This works great if the NFS server is on the LAN, but not on the WAN.

      THX for any input!
      -John

        kiokoman LAYER 8

        From LAN to LAN there is no firewall involved.
        NFS needs another port;
        check the option
        RPCMOUNTDOPTS="--port 34567"

        I don't think you need a NAT port forward; it's the client that initiates the connection, the server should be able to answer back. Make a rule that blocks and logs so you can see what's happening.


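An added example, not part of either poster's message: a shell check in the spirit of the reply above that compares what `rpcinfo -p` reports on the NFS server with the ports a firewall rule set covers, so a dynamically assigned mountd port stands out. The sample output, the function name and every port other than 111, 2049 and 34567 are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p <nfs-server>` output (not from the thread).
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    3   udp  51515  mountd
    100005    3   tcp  43817  mountd
    100003    3   tcp   2049  nfs
    100021    4   tcp  38465  nlockmgr'

# uncovered_rpc_ports "<space-separated allowed ports>"
# Reads `rpcinfo -p` output on stdin and prints "service/tcp port" for each
# TCP registration whose port is NOT in the allowed list. Only TCP is checked
# because the thread states that ESXi uses NFS over TCP only.
uncovered_rpc_ports() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # The header line has "proto" in column 3, so it never matches "tcp".
        # seen[] collapses duplicate registrations (several RPC versions).
        $3 == "tcp" && !($4 in ok) && !seen[$5 "/" $4]++ {
            print $5 "/tcp " $4
        }
    '
}

# Case 1: rules cover only portmapper (111) and nfs (2049), as in the thread.
printf '%s\n' "$SAMPLE_RPCINFO" | uncovered_rpc_ports "111 2049"

# Case 2: mountd pinned with RPCMOUNTDOPTS="--port 34567" and that port
# added to the rule set; mountd no longer shows up as uncovered.
printf '%s\n' "$SAMPLE_RPCINFO" | sed 's/43817/34567/' \
    | uncovered_rpc_ports "111 2049 34567"
```

On a real server, pipe the live `rpcinfo -p` output into the function instead of the sample.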
          unsichtbarre @kiokoman

          @kiokoman thanks for the reply!

          I have it working perfectly from LAN to LAN.

          When I place the same server directly on a WAN IP address, with UFW disabled on the NFS server, I cannot mount it from my ESXi host which is on the LAN.

          -J

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.