On the NFS server, these iptables
settings are sufficient to allow contact with the Kerberos Server and the Kerberos Admin Server:
# KDM is the IP of the Kerberos Server # KADMIN is the IP of the Kerberos Admin Server #Allow Kerberos (both TCP and UDP): iptables -A INPUT -i ${IFACE} -p tcp -s ${KDM} --sport 88 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o ${IFACE} -p tcp -d ${KDM} --dport 88 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A INPUT -i ${IFACE} -p udp -s ${KDM} --sport 88 -j ACCEPT iptables -A OUTPUT -o ${IFACE} -p udp -d ${KDM} --dport 88 -j ACCEPT #Allow Kadmin: iptables -A INPUT -i ${IFACE} -p tcp -s ${KADMIN} --sport 749 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o ${IFACE} -p tcp -d ${KADMIN} --dport 749 -m state --state NEW,ESTABLISHED -j ACCEPT