Linux

1) This is the right way to lock these ports down. If you restart nfs using this script it should use these ports. If you restart nfs via kill -1 you should also be OK. I'm not sure how you are restarting nfs and why it is reverting back to the non-specified ports when you do so.
2) Unfortunately you can't. Some applications (NFS and NIS) run specific services on specific ports. It is coded into the executable. You would need the source code and a programmer to change it. Most applications are getting better about this sort of thing, but I doubt NFS will. NFS is being replaced by rsync over SSH as a more secure approach and NFS is hanging around as the easy method which isn't meant to be too complicated.
3) Again, unfortunately, you can't. NFS is built on udp for two main reasons. One is the speed and two is the crash recovery. Statelessness makes crash recovery simplified. Since there isn't a copy of the data on the client end there is no reason for statefulness (exceptin security). The NFS server is capable of TCP in version 3; howerver, clients are still using UDP.

I completely understand where you are trying to go here. Perhaps you could look up rsync and see if it is a better fit for you. The biggest problem with rsync and why I don't use it everywhere is data duplication (waste of disk space). But internal disks are getting bigger (73 GB on most systems now) so most people can load rsync data on an internal disk and not impact their SAN/NAS/symmallocation so the disk waste is occurring on disk space that was free and wasted anyway. If you stick with NFS you can try implementing secure RPC and secure NFS which will use DES encryption and relise on keys for authentication.

Good luck.

This question was closed by the author