iptables -I INPUT -p tcp --dport 111 -j DROP iptables -I INPUT -s 10.171.254.221 -p tcp --dport 111 -j ACCEPT iptables -I INPUT -s 10.175.197.98 -p tcp --dport 111 -j ACCEPT iptables -I INPUT -s 115.236.160.xx -p tcp --dport 111 -j ACCEPT [root@nfs01 ~]# netstat -nap | grep rpcbind tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 909/rpcbind udp 0 0 0.0.0.0:111 0.0.0.0:* 909/rpcbind udp 0 0 0.0.0.0:656 0.0.0.0:* 909/rpcbind unix 2 [ ACC ] STREAM LISTENING 8778 909/rpcbind /var/run/rpcbind.sock unix 2 [ ] DGRAM 8786 909/rpcbind 1. portmap 端口 111 udp/tcp; 2. nfsd 端口 2049 udp/tcp; [root@nfs01 ~]# cat /etc/services | grep 2049 nfs 2049/tcp nfsd shilp # Network File System nfs 2049/udp nfsd shilp # Network File System nfs 2049/sctp nfsd shilp # Network File System [root@nfs01 ~]# cat /etc/services | grep 111 sunrpc 111/tcp portmapper rpcbind # RPC 4.0 portmapper TCP sunrpc 111/udp portmapper rpcbind # RPC 4.0 portmapper UDP [root@nfs01 ~]# netstat -nap | grep 2049 tcp 0 0 0.0.0.0:2049 0.0.0.0:* LISTEN - tcp 0 0 10.171.250.68:2049 10.175.197.98:676 ESTABLISHED - tcp 0 0 10.171.250.68:2049 10.171.254.221:834 ESTABLISHED - udp 0 0 0.0.0.0:2049 0.0.0.0:* - [root@nfs01 ~]# cat /etc/exports /nfs01 10.171.254.221(rw,sync,no_root_squash) /nfs01 10.175.197.98(rw,sync,no_root_squash)