Date: 20 Dec 2002 10:57:44 +1000 From: Duncan Anker <d.anker@au.darkbluesea.com> To: Ryan Sommers <ryans@gamersimpact.com> Cc: questions@freebsd.org Subject: Re: NFS Reserved Port Only? Message-ID: <1040345864.6584.28.camel@duncan.au.darkbluesea.com> In-Reply-To: <1040320787.373.30.camel@lobo> References: <1040320787.373.30.camel@lobo>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 2002-12-20 at 03:59, Ryan Sommers wrote: > Does nfs_reserved_port_only really make NFS that much more secure? Or is > this more of a depricated option. Doesn't really help. It's slightly more secure in an environment where you don't fully trust your users, but all it does is require the connection to come from a privileged port. Since any script kiddie can stick a Linux or *BSD box on the net with root access, it really doesn't help secure against the sort of attacks you'd want to secure against. I have found this option is nothing more than annoying (my NFS monitor won't use a privileged port, for example) so I leave it off. As far as the rest of your NFS privilege problems go, you may need to mount the filesystem with TCP. I'm not sure how NFS works with NAT, but I had some issues with this. Alternatively, if you have multiple IP addresses on one itnerface, you need to explicitly tell nfsd which ones to bind to, as wildcarding doesn't work with UDP. HTH Duncan Anker To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1040345864.6584.28.camel>