HP-UX 11i NFS ports through Firewall

Hello all,

We have an HP-UX 11i server running inside of our private area with files on it. We have a Linux Enterprise Server 3 in our DMZ. We want to set up an NFS mount between the two. The Linux server will mount a drive from the HP-UX machine. I would like to know how to lock down the default ports that are used on the HP-UX machine to listen on so that we can open a default set of ports from the DMZ to the private space. Everything is open from Private to DMZ. I would like to know commands used and files that need to be created mostly on the HP-UX machine to make this happen. We have done this with Linux to Linux and were able to open a set of ports that we specified from DMZ to private, but we mounted the DMZ drive on the private machine.

I am not the Unix guy so I will have to relay with our Unix team which will delay my reply back.  They don't know how to do it and asked me because I do network security.

Thank you for the help.
Overflow.
Asked by: overflow34
 
ahoffmann Commented:
Your firewall needs to allow TCP and UDP ports 2049 and 32764-32767. Depending on your NFS configuration you also need 111 and/or 1110 and/or 4001; your network admins should know which ports they use.
 
gheist Commented:
And 111/tcp and 111/udp too
And paying attention that connections can be originated from low ports <1024 too.
 
gheist Commented:
After allowing port 111 on client run "portmapper -p server_ip-address" and post result. Needed ports are numbered here.
 
overflow34 (Author) Commented:
Thank you both for the information. I am looking for the files I can modify to change the default ports to the ports that we want to allow. As in change the default range to 30000-300010. After rereading my post I know I did not explain this very well.

I also went ahead and awarded the points to both of you for all your help. My company sent me out of town, so instead of abandoning the question I decided to close it with the good information that was provided and open another to get the files to change the default port when I get back in town.

Thank you,
overflow34
 
gheist Commented:
There is little you can change with default TCP ports.
inetd does rpc services based on inetd.conf and /etc/rpc, but ports can be fairly random, i.e. rpcinfo only shows which port actual service uses, and then NFS mount connects to that.
Question has a verified solution.
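
The port enumeration discussed in this thread, as an added example (not code from any of the posters): a shell function that filters `rpcinfo -p` output down to the protocol/port pairs an NFS mount uses, so they can be compared against the DMZ-to-private firewall rule. The sample listing and its port numbers are constructed, and the function name `nfs_ports` is hypothetical.

```shell
#!/bin/sh
# SAMPLE is a constructed `rpcinfo -p` listing, not output from the poster's server.
SAMPLE='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  49153  status
    100024    1   tcp  49154  status
    100021    1   udp  49160  nlockmgr
    100021    3   tcp  49161  nlockmgr
    100005    1   udp  49170  mountd
    100005    3   tcp  49171  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100068    2   udp  49200  cmsd'

# nfs_ports (hypothetical name): read `rpcinfo -p` output on stdin and print one
# "proto/port service tag" line per unique port used by the NFS-related RPC
# programs, matched by program number rather than by the service-name column.
# tag is "fixed" for the well-known ports 111 and 2049; every other port is
# whatever the service registered at start-up, so it is tagged "verify" and
# should be re-checked against the firewall rule after a service restart.
nfs_ports() {
    awk '
        BEGIN {
            name[100000] = "portmapper"; name[100003] = "nfs"
            name[100005] = "mountd";     name[100021] = "nlockmgr"
            name[100024] = "status"
        }
        ($1 in name) {
            key = $3 "/" $4              # e.g. tcp/2049
            if (key in seen) next        # same port registered for several versions
            seen[key] = 1
            tag = ($4 == 111 || $4 == 2049) ? "fixed" : "verify"
            print key, name[$1], tag
        }
    ' | sort -t/ -k1,1 -k2,2n
}

# Demonstration on the constructed listing.
printf '%s\n' "$SAMPLE" | nfs_ports
```

Against a live server the input would come from `rpcinfo -p server_ip-address` run on the client once port 111 is reachable.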
