Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 17 Dec 2018 20:21:14 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 234106] nfsv4 server ignores nfs_reserved_port_only="YES"
Message-ID:  <bug-234106-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D234106

            Bug ID: 234106
           Summary: nfsv4 server ignores nfs_reserved_port_only=3D"YES"
           Product: Base System
           Version: 11.2-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: chaz.newton58@gmail.com

The NFSv4 server seems to be ignoring the vfs.nfsd.nfs_privport sysctl sett=
ing.

When I set either vfs.nfsd.nfs_privport=3D1 sysctl and/or
nfs_reserved_port_only=3D"YES" in rc.conf, I am not denied when using an
unprivileged port from a NAT'ed VM, but AM successfully denied when using t=
he
NFSv3 export.

The pertinent section of /etc/rc.conf on the server looks like this:

-----------
zfs_enable=3D"YES"
rpcbind_enable=3D"YES"
rpc_lockd_enable=3D"YES"
rpc_lockd_flags=3D"-d 1"
rpc_statd_enable=3D"YES"
rpc_statd_flags=3D"-d"
mountd_enable=3D"YES"
mountd_flags=3D"-S -r -p 619"
nfs_client_enable=3D"YES"=20=20=20=20=20=20=20=20
nfs_access_cache=3D"60"=20=20=20=20=20=20=20=20=20=20=20
nfs_server_enable=3D"YES"=20=20=20=20=20=20=20=20=20
nfs_server_flags=3D"-u -t -n 256"=20=20
nfs_server_managegids=3D"YES"
nfs_reserved_port_only=3D"YES"=20=20=20=20
nfs_bufpackets=3D"5"=20=20=20=20=20=20=20=20=20=20=20=20=20
nfsv4_server_enable=3D"YES"
nfsuserd_enable=3D"YES"
------------

/etc/exports:

------------
V4: /data moo.cow.com
/data/test      -alldirs -maproot=3Dnobody moo.cow.com
------------

Output in /var/log/messages from unsuccessful nfs3 mount:

------------
Dec 17 18:40:55 meow mountd[56740]: mount request from 10.10.10.18 from
unprivileged port
------------

I happened to stumble on this inconsistency while evaluating the use of NAT=
'ed
virtual machines on our Linux clients.

Is this a bug, or a mis-configuration on my part?  I'm leaning toward bug, =
as
it DOES work with the NFS3 mounts.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-234106-227>