I am generally quite accustomed to how firewalld works and have created several successful setups in the past. However, currently I am puzzled as to why it blocks traffic despite having added the service to the list.
What I am trying to establish is to share an NFS export with my other computer. I set up the export, enabled (and started) the nfs-server.service as well as added a firewalld service. SELinux I generally have set to permissive (please do not complain about it as it is beside this question).
Firewall configuration for my default zone looks as follows:
I compared it with another computer I have set up NFS shares on (running Fedora 39) and it does not look (much) different (apart from it working there):
Thank you! While mountd appeared to not be required, adding rpc-bind appeared to have solved the issue.
Could you also explain what you mean by “unprivileged NFS”, please? This would imply that there would also be a “privileged NFS” as opposite/alternative. What is the difference? How does one set up one or the other?
For example, on my server (the other computer running Fedora 39), all I did was set up NFS like I tried today, but there it works “as is” without having to add the rpc-bind service as well.
EDIT
Realized that the workstation has the ports 1025- open, which includes the port for mountd, thus not needing it in my particular setup on my workstation.
File managers like Nautilus allow mounting NFS as an unprivileged user without binding to privileged ports, but this requires opening extra ports on the server.
Thanks for the explanation! Though I am still truly puzzled as all I was doing was setting up the NFS share (using Cockpit) and on the other side I configured autofs to mount it. It is the very same setup I have in reverse and worked for years without rpc-bind and mountd.
Anyway: Your first response solved this for me and I made a note on that for future reference to not forget (in case the Internet does).
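
The situation worked out in this thread (nfs allowed as a service, mountd reachable only through the open 1025- port range, rpc-bind blocked) can be checked from `firewall-cmd --list-all` output. The script below is an added example, not something posted by the thread's participants; the port numbers are assumed from firewalld's stock `nfs`, `rpc-bind` and `mountd` service definitions, and the zone text is a constructed sample.

```bash
#!/bin/sh
# Added example. Assumed ports (firewalld stock service definitions):
# nfs 2049/tcp, rpc-bind 111/tcp+udp, mountd 20048/tcp+udp.
NEEDED="nfs:2049/tcp rpc-bind:111/tcp rpc-bind:111/udp mountd:20048/tcp mountd:20048/udp"

# Constructed sample of `firewall-cmd --list-all` output: nfs is allowed as a
# service and the high range 1025-65535 is open, as described for the workstation.
SAMPLE_ZONE='FedoraWorkstation (active)
  target: default
  services: dhcpv6-client nfs samba-client ssh
  ports: 1025-65535/udp 1025-65535/tcp
  source-ports: '

# Reads `firewall-cmd --list-all` text on stdin and prints one line per needed
# port: "<service> <port/proto> <service|port-range|BLOCKED>".
nfs_coverage() (
    zone=$(cat)
    services=$(printf '%s\n' "$zone" | sed -n 's/^ *services: *//p')
    ports=$(printf '%s\n' "$zone" | sed -n 's/^ *ports: *//p')
    for item in $NEEDED; do
        svc=${item%%:*}; port=${item#*:}
        num=${port%/*}; proto=${port#*/}
        how=BLOCKED
        # An explicitly opened port or range of the same protocol covers it.
        for p in $ports; do
            [ "${p#*/}" = "$proto" ] || continue
            range=${p%/*}; lo=${range%-*}; hi=${range#*-}
            if [ "$num" -ge "$lo" ] && [ "$num" -le "$hi" ]; then
                how=port-range
            fi
        done
        # A named service entry takes precedence in the report.
        case " $services " in
            *" $svc "*) how=service ;;
        esac
        printf '%s %s %s\n' "$svc" "$port" "$how"
    done
)

# For the sample zone: nfs via service, mountd via the open range,
# rpc-bind (port 111, below 1025) blocked.
printf '%s\n' "$SAMPLE_ZONE" | nfs_coverage
```

On a live system the same function can be fed with `firewall-cmd --list-all | nfs_coverage`.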