Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 17 Dec 2018 20:21:14 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 234106] nfsv4 server ignores nfs_reserved_port_only="YES"
Message-ID:  <bug-234106-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234106

            Bug ID: 234106
           Summary: nfsv4 server ignores nfs_reserved_port_only="YES"
           Product: Base System
           Version: 11.2-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: misc
          Assignee: bugs@FreeBSD.org
          Reporter: chaz.newton58@gmail.com

The NFSv4 server seems to be ignoring the vfs.nfsd.nfs_privport sysctl setting.

When I set either vfs.nfsd.nfs_privport=1 sysctl and/or
nfs_reserved_port_only="YES" in rc.conf, I am not denied when using an
unprivileged port from a NAT'ed VM, but AM successfully denied when using the
NFSv3 export.

The pertinent section of /etc/rc.conf on the server looks like this:

-----------
zfs_enable="YES"
rpcbind_enable="YES"
rpc_lockd_enable="YES"
rpc_lockd_flags="-d 1"
rpc_statd_enable="YES"
rpc_statd_flags="-d"
mountd_enable="YES"
mountd_flags="-S -r -p 619"
nfs_client_enable="YES"        
nfs_access_cache="60"           
nfs_server_enable="YES"         
nfs_server_flags="-u -t -n 256"  
nfs_server_managegids="YES"
nfs_reserved_port_only="YES"    
nfs_bufpackets="5"             
nfsv4_server_enable="YES"
nfsuserd_enable="YES"
------------

/etc/exports:

------------
V4: /data moo.cow.com
/data/test      -alldirs -maproot=nobody moo.cow.com
------------

Output in /var/log/messages from unsuccessful nfs3 mount:

------------
Dec 17 18:40:55 meow mountd[56740]: mount request from 10.10.10.18 from
unprivileged port
------------

I happened to stumble on this inconsistency while evaluating the use of NAT'ed
virtual machines on our Linux clients.

Is this a bug, or a mis-configuration on my part?  I'm leaning toward bug, as
it DOES work with the NFS3 mounts.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-234106-227>