Deploying an Unraid NFS Server Behind a Firewall
Note: This set up is only necessary if you need to access your NFS server across a firewall or access control list (ACL). This step will likely not be necessary for most of you. The only firewall the majority of you will have will be the one on your router and you should never be exposing your NFS server directly to the internet.
This set up is for those of you who, like me, have a separate DMZ network that occasionally needs to access the Unraid server across a firewall (actually an access control list (ACL) in my case).
If you're interested in my network/DMZ ACL set up, you can read more about it here!
Introduction to DMZs, Firewalls, and ACLs
In networks exposed to potential hostiles (think networks with web servers), we typically isolate that network from the rest of the network by way of access control lists (ACLs) or firewalls. This network is known as a DMZ and the typical way of securing it is to set up firewall/ACL rules that explicitly permit only absolutely necessary traffic and block everything else by default.
Let's say we want our DMZ servers to be able to backup certain files to our Unraid server over NFS. In order to do so, we need to explicitly permit this NFS traffic through the ACL to our Unraid server. There's one slight problem though: by default NFS listening ports are randomly assigned. This makes it difficult to explicitly permit traffic through the ACL since we don't know what ports to allow through.
The solution? Set up static NFS server ports on Unraid. This will allow us to have static, predictable ports to permit through our firewall/ACL.
Today's guide will be focused on the essentials to get you up and running with NFS on Unraid so, if you want more details, or just want to know how to figure this kind of stuff out on your own, check out the notes I took when I set this up on my own server.
Set Up Static NFS Server Ports
In order to set up static NFS server ports, you'll first need to make sure you have the User Scripts plugin installed.
Once you have the User Scripts plugin installed, we'll create a new script to define those static ports. Thankfully, Arch on the Unraid forums has already written it for us: