nfs and ports

By REZUMA ·
Any help would be greatly appreciated:
I'm trying to force the nfs services to bind to a specific port, so that I can open those ports on the firewall. I have the following services running:
mountd,
statd,
rquotad,
nlockmgr

I have used the -p with the rpc.mountd, and rpc.statd, but they revert back to a random port after I restart the nfs service. However, I don't know how to lock down the ports for rquotad and nlockmgr.
Here are my questions:
1) What is the correct way of locking down the ports for mountd and statd, permanently? I have modified the /etc/init.d/nfs and /etc/init.d/nfslock, and they work, but am not sure if that is the right way.
2) How do I lock down the ports for nlockmgr, and rquotad?
3) I also have a question regarding NFS over TCP. Where does that stand with nfs version 3? I am running 2.4.18 kernel. How do I configure my nfs server to use TCP instead of UDP?

nfs and ports

by cpfeiffe In reply to nfs and ports

1) This is the right way to lock these ports down. If you restart nfs using this script it should use these ports. If you restart nfs via kill -1 you should also be OK. I'm not sure how you are restarting nfs and why it is reverting back to the non-specified ports when you do so.
2) Unfortunately you can't. Some applications (NFS and NIS) run specific services on specific ports. It is coded into the executable. You would need the source code and a programmer to change it. Most applications are getting better about this sort of thing, but I doubt NFS will. NFS is being replaced by rsync over SSH as a more secure approach and NFS is hanging around as the easy method which isn't meant to be too complicated.
3) Again, unfortunately, you can't. NFS is built on udp for two main reasons. One is the speed and two is the crash recovery. Statelessness makes crash recovery simplified. Since there isn't a copy of the data on the client end there is no reason for statefulness (except in security). The NFS server is capable of TCP in version 3; however, clients are still using UDP.

I completely understand where you are trying to go here. Perhaps you could look up rsync and see if it is a better fit for you. The biggest problem with rsync and why I don't use it everywhere is data duplication (waste of disk space). But internal disks are getting bigger (73 GB on most systems now) so most people can load rsync data on an internal disk and not impact their SAN/NAS/symm allocation so the disk waste is occurring on disk space that was free and wasted anyway. If you stick with NFS you can try implementing secure RPC and secure NFS which will use DES encryption and relies on keys for authentication.

Good luck.
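An added example, not part of the original thread: a check that reads `rpcinfo -p` output and reports whether mountd, statd (registered as `status`), rquotad and nlockmgr sit on the ports the firewall rules expect, which catches the "reverts to a random port after restart" symptom described in the question. The port numbers 892 and 662, the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   udp   2049  nfs
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
    100024    1   udp  32770  status
    100024    1   tcp  32771  status
    100021    3   udp  32768  nlockmgr
    100011    2   udp  32769  rquotad
EOF
}

# check_nfs_ports "svc=port ...": reads rpcinfo -p output on stdin and prints
# one line per binding of the NFS helper services:
#   OK        bound to the pinned port
#   DRIFT     pinned, but currently bound elsewhere
#   UNPINNED  no fixed port configured, so no static firewall rule can match
# Returns 1 if any DRIFT or UNPINNED binding is found, 0 otherwise.
check_nfs_ports() {
    awk -v pins="$1" '
    BEGIN {
        bad = 0
        n = split(pins, p, " ")
        for (i = 1; i <= n; i++) { split(p[i], kv, "="); want[kv[1]] = kv[2] }
        # Services named in the question; statd registers as "status".
        watch["mountd"]; watch["status"]; watch["rquotad"]; watch["nlockmgr"]
    }
    $1 == "program" { next }            # header line
    !($5 in watch)  { next }            # portmapper, nfs, anything else
    {
        key = $5 "/" $3 "/" $4
        if (key in seen) next           # several versions share one binding
        seen[key] = 1
        if (!($5 in want))       { print "UNPINNED", $5, $3, $4; bad = 1 }
        else if ($4 != want[$5]) { print "DRIFT", $5, $3, $4, "expected", want[$5]; bad = 1 }
        else                     { print "OK", $5, $3, $4 }
    }
    END { exit bad }'
}

# Demo on the constructed sample; on a server, pipe in `rpcinfo -p` instead.
sample_rpcinfo | check_nfs_ports "mountd=892 status=662" || echo "ports do not match firewall rules"
```

Run it after every restart of the nfs and nfslock services, since that is when the question reports the ports changing.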

nfs and ports

by REZUMA In reply to nfs and ports

Poster rated this answer

nfs and ports

by REZUMA In reply to nfs and ports

This question was closed by the author
