Hi,
I need to export some dirs through 3 firewalls.
I know I need to lock some services to some specific ports, but this is just not working:
in /etc/sysconfig/nfs
MOUNTD_PORT=9000
after restarting the services (nfs and nfsserver):
flanders:/etc/sysconfig # rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 32770 status
100024 1 tcp 33299 status
100021 1 tcp 56740 nlockmgr
100021 3 tcp 56740 nlockmgr
100021 4 tcp 56740 nlockmgr
100005 1 udp 662 mountd
100005 2 udp 662 mountd
100005 1 tcp 663 mountd
100005 2 tcp 663 mountd
100003 2 udp 2049 nfs
100003 2 tcp 2049 nfs
Why? mountd should be at port 9000, no?
Another question: where do I define the ports for the nlockmgr and status services?
I’m using OpenSuse 10.3
Thanks in advance
Leon
Have you tried a port < 1024?
I don’t think you can fix the ports of the other two services you mention.
Yes.
I started testing on port 990, but as it didn’t work, I started to try ports > 1024…
I also tried with “” and without… no success.
There has to be some way to define these ports… Like, I just can’t open the firewalls between these servers (backend, frontend, balanced network) because it would represent a big security problem…
Well, thanks anyway!
Maybe it would be a good idea to file a bug report?
ken_yap
August 23, 2008, 11:25pm
#5
Works for me. I set the MOUNTD_PORT to 900 in /etc/sysconfig/nfs and then restarted the services with /etc/init.d/nfsserver restart and rpcinfo -p gives this:
# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100005 1 udp 900 mountd
100005 1 tcp 900 mountd
100005 2 udp 900 mountd
100005 2 tcp 900 mountd
100005 3 udp 900 mountd
100005 3 tcp 900 mountd
...
I re-checked on my pc and found the same issue (OpenSuse 11)
leonw-note:/etc/sysconfig # grep "MOUNTD_PORT" /etc/sysconfig/nfs
MOUNTD_PORT="900"
leonw-note:/etc/sysconfig # /etc/init.d/nfsserver restart
Shutting down NFS server done
Starting NFS server done
leonw-note:/etc/sysconfig # rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100005 1 udp 876 mountd
100005 2 udp 876 mountd
100005 1 tcp 877 mountd
100005 2 tcp 877 mountd
100003 2 udp 2049 nfs
100003 2 tcp 2049 nfs
What are your configs for nfs and for the firewall?
On these machines (both my PC and the server) I have disabled the firewall…
ken_yap
August 23, 2008, 11:39pm
#7
I don’t use NFS across a firewall. I was just showing that the MOUNTD_PORT option does work. I used it once when mountd clashed with the CUPS IPP port.
Have you read http://tldp.org/HOWTO/NFS-HOWTO/security.html ? It explains how to pin the ports of the various daemons. For statd you may have to edit the init script, for others you may need module options.
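As an added example (not code from this thread, from the nfsserver init script or from the nfs-utils package), here is a small POSIX shell check that reads the output of `rpcinfo -p` and reports every NFS side-daemon that is not registered on the port the firewall rules expect. The target ports (mountd 900, statd 4000, lockd 4001) and the two embedded rpcinfo listings are constructed assumptions for illustration; the comments note how the HOWTO linked above pins statd (`rpc.statd -p`/`-o`) and lockd (the `nlm_udpport`/`nlm_tcpport` options of the lockd module), which is what makes those ports predictable in the first place.

```shell
#!/bin/sh
# check_nfs_ports.sh
# Added example (not from the thread): compare `rpcinfo -p` output against the
# ports the firewall rules expect for the NFS side-daemons.
#
# The target ports below are assumptions for illustration, matching the way the
# NFS-HOWTO security page pins each daemon:
#   mountd   -> MOUNTD_PORT="900" in /etc/sysconfig/nfs (rpc.mountd -p 900)
#   status   -> rpc.statd -p 4000 (listener) and -o 4002 (outgoing source port)
#   nlockmgr -> lockd module options nlm_udpport=4001 nlm_tcpport=4001
# Only listener ports show up in rpcinfo, so those are what gets checked.
EXPECTED="mountd:900 status:4000 nlockmgr:4001"

# check_rpc_ports: read `rpcinfo -p` on stdin, print one line for every
# registration of a watched service that is not on its expected port and one
# line for every watched service that is missing entirely. Returns 0 only when
# every watched service is registered on its pinned port.
check_rpc_ports() {
    awk -v expected="$EXPECTED" '
    BEGIN {
        n = split(expected, pairs, " ")
        for (i = 1; i <= n; i++) {
            split(pairs[i], f, ":")
            want[f[1]] = f[2]
        }
        bad = 0
    }
    # data rows: program vers proto port service (the header has only 4 fields)
    NF == 5 && ($5 in want) {
        seen[$5] = 1
        if ($4 != want[$5]) {
            printf "%s %s/v%s on port %s, expected %s\n", $5, $3, $2, $4, want[$5]
            bad = 1
        }
    }
    END {
        for (s in want)
            if (!(s in seen)) {
                printf "%s not registered with the portmapper\n", s
                bad = 1
            }
        exit bad
    }'
}

# Constructed sample: the listing posted above after setting MOUNTD_PORT="900".
# mountd ignored the setting, and statd/lockd are not registered at all.
SAMPLE_UNPINNED='program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100005 1 udp 876 mountd
100005 2 udp 876 mountd
100005 1 tcp 877 mountd
100005 2 tcp 877 mountd
100003 2 udp 2049 nfs
100003 2 tcp 2049 nfs'

# Constructed sample of what a correctly pinned server should report.
SAMPLE_PINNED='program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 4000 status
100024 1 tcp 4000 status
100021 1 tcp 4001 nlockmgr
100021 3 tcp 4001 nlockmgr
100021 4 tcp 4001 nlockmgr
100005 1 udp 900 mountd
100005 1 tcp 900 mountd
100005 2 udp 900 mountd
100005 2 tcp 900 mountd
100003 2 udp 2049 nfs
100003 2 tcp 2049 nfs'

# check_sample: run the check over an embedded sample instead of the live host.
check_sample() {
    printf '%s\n' "$1" | check_rpc_ports
}

# On the NFS server itself, after restarting nfsserver:
#   rpcinfo -p | check_rpc_ports
```

Run it after every `/etc/init.d/nfsserver restart` and before touching the firewall rules: an empty result with exit status 0 means every watched daemon is where the rules say it is, while any output names the daemon, protocol and version that drifted, which is exactly the information missing when a mount hangs behind a firewall.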
Changing this line in /etc/init.d/nfsserver:
startproc /usr/sbin/rpc.mountd $PARAMS
to this:
if ! [ "$MOUNTD_PORT" ]; then
startproc /usr/sbin/rpc.mountd $PARAMS
else
startproc /usr/sbin/rpc.mountd -P $MOUNTD_PORT $PARAMS
fi
I just don’t know what kind of side effects this could have…
For the other services I’m still looking for something (and I also want to know why this happened).
By the way, thanks for the link!
Cheers
Looks like a bug in the script. Are you up to date with the latest package? This is what the lines look like in my 11.0 script:
if [ -n "$MOUNTD_PORT" ] ; then
startproc /usr/sbin/rpc.mountd -p $MOUNTD_PORT $VERSION_PARAMS
else
startproc /usr/sbin/rpc.mountd $VERSION_PARAMS
fi
I checked all installed packages that have something to do with nfs and they are all up to date.
I also checked the sysconfig package (I don’t know if it has anything to do with the start script, but…)
I will copy and paste your “if” in my start script just as a workaround…
Anyway, I filed a bug report on OpenSuse bugzilla. If it was a bug and it was already fixed, I will probably find out through it.
Man, thanks!!
cheers