From: "Dave"
Date: Fri, 15 Jun 2007 14:09:59 -0400
Subject: Re: Firewalling NFS
Message-ID: <000a01c7af78$636db920$0200a8c0@satellite>
References: <20070615072734.GC8093@obiwan.tataz.chchile.org> <20070615105950.GH3779@void.codelabs.ru> <4672D09B.9030100@incunabulum.net>
List-Id: Networking and TCP/IP with FreeBSD

Hello,
I also want to firewall an NFS server. The box that it's running on uses pf, it's a 6.2 box. I've got TCP port 2049 open, and am not sure what else to open or what other daemons to start. I'm also uncertain as to whether FreeBSD uses NFS v3 or v4?
I want to export home directories to five or six different Linux machines, some Ubuntu and most CentOS 5, and I remember vaguely reading about NFS v4. If anyone has this working I'd appreciate pointers.
Thanks.
Dave.

----- Original Message -----
From: "Bruce M. Simpson"
To: "Eygene Ryabinkin"
Cc: "Jeremie Le Hen"
Sent: Friday, June 15, 2007 1:47 PM
Subject: Re: Firewalling NFS

> Eygene Ryabinkin wrote:
>> NFSD binds to the port nfsd (2049) and for my -CURRENT both lockd
>> and statd have '-p' options:
>> -----
>> $ man rpc.lockd rpc.statd | grep -- -p
>>      rpc.lockd [-d debug_level] [-g grace period] [-p port]
>>      -p      The -p option allow to force the daemon to bind to the specified
>>      rpc.statd [-d] [-p port]
>>      -p      The -p option allow to force the daemon to bind to the specified
>> -----
>> Are we talking about same entities?
>>
>
> I added the -p switch to mountd(8) a few years ago, as I needed to run a
> read-only NFS server exposed to the outside world; to firewall it I needed
> a deterministic RPC port number, which is what -p gives you. Otherwise you
> have to rely on the TCP wrapper support built into rpcbind(8). The
> rpc.lockd and rpc.statd daemons were recently changed to incorporate this
> switch too, although I don't think it has been backported to the 6-STABLE
> branch yet.
>
> Regards,
> BMS
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
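
An added example, not part of the original thread: a check that the RPC daemons discussed above (mountd, lockd, statd) are actually registered on the ports chosen with `-p` before pf rules are written for them. The `rpcinfo -p` sample, the port numbers 878/879/880 and the `<nfs_clients>` pf table are all assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p` output; the port numbers are made up.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100003    3   tcp   2049  nfs
    100003    3   udp   2049  nfs
    100005    3   tcp    878  mountd
    100005    3   udp    878  mountd
    100021    4   tcp    879  nlockmgr
    100024    1   tcp  49152  status'

# nfs_pf_rules "svc=port ..." < rpcinfo-output
# Prints one pf pass rule per (proto, port) registered on its pinned port,
# a "# MISMATCH" comment for each service registered somewhere else, and
# returns 1 if any mismatch was seen (that daemon is not pinned yet).
# <nfs_clients> is an assumed pf table holding the permitted client addresses.
nfs_pf_rules() {
    awk -v pins="$1" '
    BEGIN {
        bad = 0
        n = split(pins, kv, " ")
        for (i = 1; i <= n; i++) { split(kv[i], p, "="); want[p[1]] = p[2] }
    }
    $1 !~ /^[0-9]+$/ || NF < 5 { next }      # header or malformed line
    !($5 in want) { next }                   # RPC service we do not export
    $4 != want[$5] {
        printf "# MISMATCH: %s/%s is on port %s, expected %s\n", $5, $3, $4, want[$5]
        bad = 1
        next
    }
    {
        key = $3 " " $4                      # several versions share one port
        if (key in seen) next
        seen[key] = 1
        printf "pass in quick proto %s from <nfs_clients> to any port %s keep state\n", $3, $4
    }
    END { exit bad }'
}

# Demo run on the constructed sample: statd (service "status") is not pinned.
printf '%s\n' "$SAMPLE_RPCINFO" |
    nfs_pf_rules "rpcbind=111 nfs=2049 mountd=878 nlockmgr=879 status=880" ||
    echo "# pin the mismatched daemon with -p and re-check" >&2
```

On a live server the input would come from `rpcinfo -p` itself; a mismatch means the matching pf rule would not cover the port the daemon is really using.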