Date: Thu, 24 Apr 2008 10:39:50 -0600
From: darren kirby
To: freebsd-questions@freebsd.org
Message-id: <200804241039.50339.bulliver@badcomputer.org>
Subject: Re: nfs & firewall, hard vs soft mount

quoth the Colin Brace:
> Hi all,
>
> I have a FreeBSD v7 box set up as gateway/mailserver/WAP. I leave my WAP
> unencrypted, so my neighbors can use it, and use PF to allow just a few
> specific services (dhcp, dns, http, https).
>
> I'd like to be able to mount a couple of NFS shares from a desktop box
> running Fedora on a wireless client. I've opened the sunrpc and nfs ports
> in PF, but that doesn't seem to be enough. tcpdump indicates some high udp
> ports in the 40k-50k range are used in the nfs negotiation, but I can't
> figure out exactly what is going on. Does anyone know what additional ports
> need to be opened for nfs? Will I need to use PF to redirect this udp
> traffic to the fedora host or will it find the nfs server on its own?

'rpcinfo -p ' will show the ports/proto you need open. However, it should
change some each time because rpc.mountd, rpc.statd, and lockd assign ports
dynamically. You can set a few NFS options to lock these down:

Eg:
RPCMOUNTDOPTS="-p 4002"
RPCSTATDOPTS="-p 4000"

Sadly, I have only ever run an NFS server on Linux, so I do not know if there
is a config to set these, or if you have to add the '-p n' to the startup
scripts directly.

Also, on Linux you must set the lockd port at boot time. Perhaps there is a
sysctl for this on FreeBSD?

HTH
-d
-- 
darren kirby :: Part of the problem since 1976 :: http://badcomputer.org
"...the number of UNIX installations has grown to 10, with more expected..."
- Dennis Ritchie and Ken Thompson, June 1972
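
One way to check which RPC services still move between restarts before writing static firewall rules, as an added example that is not part of the original message: it compares two saved `rpcinfo -p` listings. The listings are constructed sample data (ports 4000 and 4002 follow the options in the reply, the nlockmgr ports are made up), and the function names `nfs_ports` and `unpinned` are hypothetical.

```shell
#!/bin/sh
# Added example. Works on saved `rpcinfo -p` listings, so it runs offline.

# Unique "service proto port" triples for the NFS-related RPC services.
nfs_ports() {
    awk '$5 ~ /^(portmapper|nfs|mountd|status|nlockmgr)$/ { print $5, $3, $4 }' "$1" |
        sort -u
}

# Services whose proto/port set differs between two listings, i.e. the
# daemons that still pick a port at start-up and cannot get a static rule yet.
unpinned() {
    a=$(mktemp); b=$(mktemp)
    nfs_ports "$1" > "$a"
    nfs_ports "$2" > "$b"
    # comm -3 keeps only the lines present in one listing but not the other
    comm -3 "$a" "$b" | awk '{ print $1 }' | sort -u
    rm -f "$a" "$b"
}

# Constructed sample: listing taken before a restart of the NFS services.
SNAP1=$(mktemp); SNAP2=$(mktemp)
trap 'rm -f "$SNAP1" "$SNAP2"' EXIT
cat > "$SNAP1" <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   4000  status
    100024    1   tcp   4000  status
    100005    3   udp   4002  mountd
    100005    3   tcp   4002  mountd
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    4   udp  41873  nlockmgr
    100021    4   tcp  46201  nlockmgr
EOF
# Constructed sample: same host after the restart; only lockd has moved.
sed -e 's/41873/52310/' -e 's/46201/39944/' "$SNAP1" > "$SNAP2"

echo "proto/port pairs in use for the current boot:"
nfs_ports "$SNAP2"
echo "still dynamic, pin before writing firewall rules:"
unpinned "$SNAP1" "$SNAP2"
```

On a live server the two listings would come from running `rpcinfo -p` against the NFS host before and after restarting its NFS services.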