Channel: VMware Communities: Message List

Re: Mounting NFS Datastore - Mounting with random port numbers?


Yes the firewall is allowing any port outbound on TCP. But why is the system establishing the connection with the QNAP on some random port? Why is it not contacting it initially on 2049? or 111?

 

If ESXI uses any port it pleases to make the initial connection, how will we ever figure out what the rules should be on the firewall until we try once and watch the packet get blocked? Right now it's kind of a guessing game.

 

Our procedure right now is to tail the log files for blocked packets, then add the QNAP to the datastore. OH LOOK, the ESXI server was blocked going to the QNAP on 53888 this time, shucks. Add rule to firewall for ESXI -> Qnap on Port 53888 along with 2049 and 111. All works now.

 

Does this sound right to anybody? It seems wrong to me. I should only need to open 2049 and 111. End of story. Why is ESXI the only system that acts this way? All other systems only need 2049 and 111 open for NFS mounting. ESXI starts off by connecting to the server on some random port....?

 

This is an example of our firewall and how it's becoming messy:

 

ESXI 1 rule
Allow from ESXI1 to QNAP on port 47110,111,2049

ESXI 2 rule
Allow from ESXI2 to QNAP on port 45991,111,2049

ESXI3 rule
Allow from ESXI3 to QNAP on port 53881,111,2049

ESXI4 rule
Allow from ESXI4 to QNAP on port 58283,111,2049

 

Funny, if I were to add a 2ND mount to the same QNAP on ESXI4, it would use again ANOTHER port. The rule would need to look like this

Allow from ESXI4 to QNAP on port 49223,58283,111,2049

 

This issue is actually quite a joke. I just don't get it.

 

Also, when I say firewall, I am talking about the firewalls that lie in between the ESXI servers and QNAPS. Not the built-in firewall. The middle firewalls are blocking since they have specific ports set (2049,111/tcp)
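
The log-watching procedure described in the post, automated as an added example (not part of the original post): it reads firewall deny lines and lists, per source host, the destination ports other than 111 and 2049 that were blocked toward the storage box. The iptables-style log format, the `NFS-DROP` prefix and the 192.0.2.x addresses are constructed assumptions; only the port numbers are taken from the post.

```python
import re
from collections import defaultdict

# Ports the post expects NFS to need; anything else is the "random" port.
EXPECTED_PORTS = {111, 2049}

# Constructed sample lines in an assumed iptables-style LOG format.
# Addresses are documentation ranges; 192.0.2.50 stands in for the QNAP.
SAMPLE_LOG = """\
Jan 10 09:14:02 fw kernel: NFS-DROP IN=eth1 OUT=eth2 SRC=192.0.2.11 DST=192.0.2.50 PROTO=TCP SPT=1021 DPT=47110
Jan 10 09:14:05 fw kernel: NFS-DROP IN=eth1 OUT=eth2 SRC=192.0.2.11 DST=192.0.2.50 PROTO=TCP SPT=1021 DPT=47110
Jan 10 09:20:41 fw kernel: NFS-DROP IN=eth1 OUT=eth2 SRC=192.0.2.14 DST=192.0.2.50 PROTO=TCP SPT=1019 DPT=58283
Jan 10 09:31:17 fw kernel: NFS-DROP IN=eth1 OUT=eth2 SRC=192.0.2.14 DST=192.0.2.50 PROTO=TCP SPT=1018 DPT=49223
Jan 10 09:40:00 fw kernel: NFS-DROP IN=eth1 OUT=eth2 SRC=192.0.2.99 DST=192.0.2.77 PROTO=UDP SPT=5353 DPT=5353
Jan 10 09:41:12 fw kernel: garbage line without fields
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def blocked_ports(log_text, storage_ip, proto="TCP"):
    """Map each source host to the sorted unexpected ports it was denied on."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        # Skip unrelated traffic and lines that did not parse completely.
        if f.get("DST") != storage_ip or f.get("PROTO") != proto:
            continue
        if "SRC" not in f or not f.get("DPT", "").isdigit():
            continue
        port = int(f["DPT"])
        if port not in EXPECTED_PORTS:
            seen[f["SRC"]].add(port)  # set() collapses retransmitted SYNs
    return {src: sorted(ports) for src, ports in seen.items()}


def rule_lines(blocked, storage_name="QNAP"):
    """Render the findings in the rule wording used in the post."""
    out = []
    for src in sorted(blocked):
        ports = ",".join(str(p) for p in blocked[src] + sorted(EXPECTED_PORTS))
        out.append(f"Allow from {src} to {storage_name} on port {ports}")
    return out


if __name__ == "__main__":
    for rule in rule_lines(blocked_ports(SAMPLE_LOG, "192.0.2.50")):
        print(rule)
```
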

