This page shows you how to set the ports for the statd
and nlockmgr
daemons
on your client VMs to make firewall configuration easier. You may need to set
these ports if your applications require NFS file locking and your
Filestore instances are not using the default VPC network with unchanged
settings.
Filestore uses the nlockmgr
and statd
daemons to enable file
locking. The ports for these services need to be properly exposed on your client
VMs through the your firewall rules so that clients can properly use locks.
For more information on determining if you need to configure a firewall rule for
the VPC network, see
Configuring Firewall Rules.
If you do need to configure ingress firewall rules, or think you might need to at any
point, we strongly recommend setting the statd
and nlockmgr
ports so that
they are consistent on all client VMs, making it easier to configure ingress
firewall rules.
Checking port settings
Run the following commands on the client VM instance to see how the statd
and
nlockmgr
ports are currently set. If the files don't exist, or if the options
don't have values, then the ports aren't set. In that case, the daemons are
dynamically assigned arbitrary available ports.
Debian/Ubuntu
Run the following command and look at the
STATDOPTS
value to determine thestatd
port:cat /etc/default/nfs-common
Run the following command and look at the
nlm_tcpport
andnlm_udpport
values to determine thenlockmgr
port:cat /etc/modprobe.d/lock.conf
RHEL/CentOS
Run the following command and look at the
STATD_PORT
value to determine thestatd
port:cat /etc/sysconfig/nfs
Run the following command and look at the
nlm_tcpport
andnlm_udpport
values to determine thenlockmgr
port:cat /etc/modprobe.d/lock.conf
SUSE
Run the following command:
cat /etc/sysconfig/nfs
The statd
port is listed under STATD_PORT
and the nlockmgr
port is
listed under LOCKD_TCPPORT
and LOCKD_UDPPORT
.
Setting ports
Run the following commands on the client VM instance to set the statd
and
nlockmgr
ports. These examples use the vim
text editor, but you can use any
text editor. These examples also use 2046 as the port for statd
and 4045 as
the port for nlockmgr
because these are common choices. You can use different
ports if they are appropriate for your network configuration. In this case, the
ingress firewall rules must allow traffic to the specific ports that you use.
Debian/Ubuntu
Set the
statd
port:Open the
/etc/default/nfs-common
file for editing:sudo vim /etc/default/nfs-common
Set the
STATDOPTS
option:STATDOPTS="-p 2046"
Save the file and exit.
Set the
nlockmgr
port:Create the
/etc/modprobe.d/lock.conf
file:sudo vim /etc/modprobe.d/lock.conf
Set the
nlm_tcpport
andnlm_udpport
options:options lockd nlm_tcpport=4045 options lockd nlm_udpport=4045
Save the file and exit.
RHEL/CentOS
Set the
statd
port:Open the
/etc/sysconfig/nfs
file for editing:sudo vim /etc/sysconfig/nfs
Set the
STATD_PORT
option:STATD_PORT=2046
Save the file and exit.
Set the
nlockmgr
port:Create the
/etc/modprobe.d/lock.conf
file:sudo vim /etc/modprobe.d/lock.conf
Set the
nlm_tcpport
andnlm_udpport
options:options lockd nlm_tcpport=4045 options lockd nlm_udpport=4045
Save the file and exit.
SUSE
Set the statd
and nlockmgr
ports:
Open the
/etc/sysconfig/nfs
file for editing:sudo vim /etc/sysconfig/nfs
Set the
STATD_PORT
,LOCKD_TCPPORT
, andLOCKD_UDPPORT
options:STATD_PORT=2046 LOCKD_TCPPORT=4045 LOCKD_UDPPORT=4045
Save the file and exit.