Your firewalls need to allow some TCP and UDP ports, depending on whether your NFS server is using NFSv3 or v4 as the highest version. As of LMI 6.2.0, NFSv4 is always attempted first then fallback to v3 occurs, but only if v4 isn't offered by the server. If v4 is offered but something prevents the file share from being mounted (and produces an error) then fallback to v3 does not occur.

Note that although LMI only uses TCP-based NFS, that only applies to port 2049 for transmitting data. UDP ports, such as 111 for portmapper, are still used during the mounting process. Some ports are repeated below for NFSv3 because they are listed based on function rather than providing a single unique port list.

LogLogic LMI’s functionality with respect to NFS differs depending on the LMI version in use. The port tables below are organized using the following criteria (in order listed):

• LMI version
• NFS version
• test mount vs permanent mount (if applicable to distinguish the ports based on the LMI code)

In summary, here are the changes in NFS usage throughout the history of LogLogic LMI. The tables below document the changes in the NFS ports due to these changes in usage:

• For LMI versions up to and including 5.5.1, the -o tcp option for the mount command was only used for test mounting the file share
• For LMI versions 5.6.0 - 6.1.1, inclusive, the -o tcp option wasn’t used for test or permanent mounting so the ports utilized are identical for the test and permanent mount scenarios,
• For LMI versions 6.2.0 - 6.2.1, inclusive, the -o tcp option was re-introduced for test mounting,
• For LMI versions 6.3.0 and higher, the -o option was removed once again thus reintroducing the behavior of LMI versions 5.6.0 - 6.1.1.

NFSv4 is unaffected by the use of the mount command’s -o tcp option because it uses TCP all the time for all operations. This is reflected in the tables below by not distinguishing between the test and permanent mount scenarios when using NFSv4.
 

Up to and including 5.5.1 - Only NFSv3 is supported

Test mount requirements (mount, test file copy):

Layer 4 Protocol	Port	Process	Function
UDP	dynamic	mountd	mounting
TCP	111	RPC portmapper	mounting, file copy
UDP	111	RPC portmapper	mounting
TCP	2049	NFS	mounting, file copy

 

Permanent mount requirements (mount, file locking and file transfers):

Layer 4 Protocol	Port	Process	Function
TCP	dynamic	lockd	file locking
TCP	dynamic	mountd	mounting
TCP	111	RPC portmapper	mounting, file locking and transfer
TCP	2049	NFS	mounting, file locking and transfer

 

5.6.0 to 6.1.1 - Only NFSv3 is supported

Test mount requirements (mount, test file copy):

Layer 4 Protocol	Port	Process	Function
UDP	dynamic	mountd	mounting
TCP	111	RPC portmapper	mounting, file copy
UDP	111	RPC portmapper	mounting
TCP	2049	NFS	mounting, file copy

 

Permanent mount requirements (mount, file locking and file transfers):

 

6.2.0 to 6.2.1 - NFSv3 and v4 are supported

NFSv3

Test mount requirements (mount, test file copy):

 

Permanent mount requirements (mount, file locking and file transfers):

 

NFSv4

Test and permanent requirements (mounting, locking and transmitting files):

 

6.3.0 and higher - NFSv3 and v4 are supported

NFSv3

Test mount requirements (mount, test file copy):

 
Permanent mount requirements (mount, file locking and file transfers):
   

NFSv4

Test and permanent requirements (mounting, locking and transmitting files):

 

As can be seen, NFSv4 is much simpler by using fewer ports so v4 is recommended to be used when possible (when using LMI 6.2.0 and higher). If you must use NFSv3 then it is recommended to configure your NFS server to statically bind mountd and lockd services to specific ports to minimize holes in firewalls. The procedure for this varies depending on the NFS software in use so refer to your vendor documentation for configuring your NFS server to statically bind ports for mountd and lockd.

This article documents the ports, function and transport protocol required for using NFS v3 and v4 with LMI for purposes of backups and archiving so that users can properly configure their firewalls.