Which ports are relevant for directing NFS traffic over iptables (or any other way) to a server behind a firewall server

I read that NFS v4 requires only port (2049). This is the post I relied on.
However, if I do a rpcinfo -p before starting nfs, I see:

rpcinfo -p
program vers proto   port  service
100000    4   tcp    111  portmapper
100000    3   tcp    111  portmapper
100000    2   tcp    111  portmapper
100000    4   udp    111  portmapper
100000    3   udp    111  portmapper
100000    2   udp    111  portmapper
100024    1   udp  52646  status
100024    1   tcp  41005  status

After I start nfs server, the following are added:

100005    1   udp  41473  mountd
100005    1   tcp  34257  mountd
100005    2   udp  44704  mountd
100005    2   tcp  33601  mountd
100005    3   udp  40259  mountd
100005    3   tcp  35317  mountd
100003    3   tcp   2049  nfs
100003    4   tcp   2049  nfs
100227    3   tcp   2049
100021    1   udp  45607  nlockmgr
100021    3   udp  45607  nlockmgr
100021    4   udp  45607  nlockmgr
100021    1   tcp  42915  nlockmgr
100021    3   tcp  42915  nlockmgr
100021    4   tcp  42915  nlockmgr

It appears that some of these ports are dynamically assigned. I would like to know:

 1. How many of them are really needed to be forwarded.
 2. How to statically set them so that I can forward traffic from these ports to the NFS server from the firewall.

Getting NFS server set on the firewall machine was easy. Getting it to work on an internal server has been very trying.

Port 111 is needed for NFSv3 only, if your clients are on NFSv4 and up you can disable v3 altogether (disabling v3 helps with security BTW).

Some good wrap up on both NFSv3/4 & SMB3 firewall configuration could be found here:

https://www.ibm.com/docs/en/spectrum-scale/5.1.0?topic=firewall-recommendations-protocol-access