Is it possible to fix the port ranges used by NFS protocol processes (portmapper, mountd, status, ...) in Tru64 UNIX v. 5.1B in order to let them through a firewall?
In case this is not an option in Tru64:
Which port ranges have to be reserved in the firewalls to be sure NFS traffic is not blocked?
What is the algorithm for choosing a new free port for those NFS processes?

Originally, all the SunRPC services (including the NFS services) except the portmapper used whatever random ports the OS gave them. The only way to know the current port numbers was to contact the portmapper service first, which would always be on port 111 and would know where the rest of the services are on the current host. The ability to use fixed port numbers is a later development, mostly because firewalls have become common.
In Tru64, the "nfs" service is always on port 2049, which is the standard convention. The "mountd" uses a privileged port by default, i.e. a port number that is less than 1024. The rest of the SunRPC servers use unprivileged ports, i.e. port numbers 1024 or greater. Usually, a service that needs an unprivileged port simply picks the first free port in the range of 1024 or greater at the time it starts up. The privileged ports have a specific OS-version-dependent port range (nnn..1023), and I don't know the specific privileged port range for Tru64.
Unfortunately, it looks like there is no way to specify fixed port numbers for NFS services in Tru64.
Some firewalls can solve this problem by snooping on the traffic of port 111. By analyzing the portmapper responses, the firewall can identify the service requested and learn which port the service is currently on, and then allow the connection to the appropriate port if the service is allowed in the firewall rules.
(If your firewall can do this, it should have a way to specify firewall rules by either SunRPC service names or program ID numbers, instead of by TCP/UDP port numbers. You can find the known program IDs in the /etc/rpc file on your system.)
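
The port-111 snooping described in the answer above, as an added example (not part of the original posts and not any firewall product's code): it decodes portmapper version 2 GETPORT calls and replies carried over UDP, matches them by XID, and returns the pinhole to open only when the requested program ID is allowed by policy. The class and function names, the addresses and the sample messages are constructed for illustration.

```python
import struct

PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT = 100000, 2, 3   # portmapper v2, GETPORT
IPPROTO = {6: "tcp", 17: "udp"}

def skip_auth(buf, off):
    # opaque_auth = flavor, length, body padded to a 4-byte boundary
    _flavor, length = struct.unpack_from(">II", buf, off)
    return off + 8 + ((length + 3) & ~3)

class PortmapSnooper:
    def __init__(self, allowed_programs):
        self.allowed = set(allowed_programs)  # program IDs permitted by policy
        self.pending = {}                     # (client, server, xid) -> (program, proto)

    def on_call(self, client, server, payload):
        xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", payload, 0)
        if (mtype, rpcvers, prog, vers, proc) != (0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT):
            return
        off = skip_auth(payload, skip_auth(payload, 24))  # credentials, then verifier
        q_prog, _vers, q_prot, _port = struct.unpack_from(">4I", payload, off)
        if q_prog in self.allowed and q_prot in IPPROTO:
            self.pending[(client, server, xid)] = (q_prog, IPPROTO[q_prot])

    def on_reply(self, client, server, payload):
        """Return (client, server, proto, port, program) to allow, or None."""
        xid, mtype, reply_stat = struct.unpack_from(">3I", payload, 0)
        query = self.pending.pop((client, server, xid), None)
        if query is None or mtype != 1 or reply_stat != 0:  # unsolicited or denied
            return None
        accept_stat, port = struct.unpack_from(">II", payload, skip_auth(payload, 12))
        if accept_stat != 0 or port == 0:     # port 0: program not registered
            return None
        return (client, server, query[1], port, query[0])

# Constructed sample messages (UDP payloads, AUTH_NULL credentials and verifier).
AUTH_NULL = struct.pack(">II", 0, 0)

def getport_call(xid, program, version, ipproto):
    return (struct.pack(">6I", xid, 0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_GETPORT)
            + AUTH_NULL * 2 + struct.pack(">4I", program, version, ipproto, 0))

def getport_reply(xid, port):
    return struct.pack(">3I", xid, 1, 0) + AUTH_NULL + struct.pack(">II", 0, port)

def demo():
    fw = PortmapSnooper(allowed_programs={100003, 100005})  # nfs, mountd
    fw.on_call("10.0.0.5", "10.0.0.9", getport_call(0x1234, 100005, 1, 17))
    return fw.on_reply("10.0.0.5", "10.0.0.9", getport_reply(0x1234, 1022))
```

A reply with no matching tracked call, or a lookup for a program ID outside the allowed set (for example 100024, status), yields no pinhole.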