I'm using Fedora 20. I was having quite a bit of trouble mounting NFS host export directories in my virtual machine guests. It seemed to be firewall related. If I shut off the firewall completely:
  # systemctl stop firewalld.service


then NFS would work, but the VM would lose the ability to do networking with the public network, e.g. yum updates would fail. I could not seem to get the magic combination of firewall ports/services to allow. Even after allowing NFS, RPC bind, and port 20048 tcp and udp, NFS mounts would still fail.

I finally figured out that I needed to simply disable the firewall on the virtual interface.

Step 1: Find out the name of the virtual bridge device:
  # ip addr
  ...
  4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default 
    link/ether 52:54:00:27:a8:fb brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever


The name is virbr0.

Step 2: Tell firewalld to trust any connection using this device:
  # firewall-cmd --zone=trusted --add-interface=virbr0
  success
  # firewall-cmd --permanent --zone=trusted --add-interface=virbr0
  success


This tells firewalld to allow any and all traffic on the virtual bridge by placing virbr0 in the trusted zone. The first command changes only the running configuration; adding --permanent makes the configuration persistent.
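
To confirm what Step 2 actually did, this added example (not part of the original post) parses the output of `firewall-cmd --get-active-zones` and reports any interface in the trusted zone other than the ones you meant to put there. The function names and both sample outputs are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit which interfaces ended up in firewalld's trusted zone.

# Print the interfaces bound to the trusted zone, one per line.
# stdin: output of `firewall-cmd --get-active-zones`.
trusted_ifaces() {
    awk '
        /^[^ ]/ { zone = $1; next }          # unindented line starts a zone
        zone == "trusted" && $1 == "interfaces:" {
            for (i = 2; i <= NF; i++) print $i
        }'
}

# audit_trusted IFACE...: compare the trusted zone against the interfaces
# you meant to trust. Prints one finding per line; returns 1 on any finding.
audit_trusted() {
    local found iface want status=0
    found=$(trusted_ifaces)
    for iface in $found; do
        case " $* " in
            *" $iface "*) ;;
            *) echo "UNEXPECTED $iface"; status=1 ;;
        esac
    done
    for want in "$@"; do
        case " $(echo $found) " in
            *" $want "*) ;;
            *) echo "MISSING $want"; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_GOOD='public
  interfaces: em1
trusted
  interfaces: virbr0'
SAMPLE_BAD='trusted
  interfaces: em1 virbr0'

# Demo on the constructed samples; on a real host run:
#   firewall-cmd --get-active-zones | audit_trusted virbr0
printf '%s\n' "$SAMPLE_GOOD" | audit_trusted virbr0 && echo "ok: only virbr0 is trusted"
printf '%s\n' "$SAMPLE_BAD"  | audit_trusted virbr0 || echo "review the findings above"
```

An `UNEXPECTED` finding for the public-facing interface (`em1` in the constructed sample) means host services are exposed beyond the guest network, which is not what Step 2 intends.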