From owner-freebsd-bugs  Mon Jan 24 20:29: 0 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [216.240.41.2])
	by hub.freebsd.org (Postfix) with ESMTP id F182915853
	for <freebsd-bugs@FreeBSD.ORG>; Mon, 24 Jan 2000 20:28:55 -0800 (PST)
	(envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
	by apollo.backplane.com (8.9.3/8.9.1) id UAA95589;
	Mon, 24 Jan 2000 20:28:53 -0800 (PST)
	(envelope-from dillon)
Date: Mon, 24 Jan 2000 20:28:53 -0800 (PST)
From: Matthew Dillon <dillon@apollo.backplane.com>
Message-Id: <200001250428.UAA95589@apollo.backplane.com>
To: freebsd-bugs@FreeBSD.ORG,
	Kannan Varadhan <kannanv@research.bell-labs.com>
Subject: Re: kern/16239: NFS mount file system from multi-homed remote host sometimes fails
References:  <200001250420.UAA10521@freefall.freebsd.org>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

    I think this may be a known problem.  The problem is that by
    default NFSD on the server binds to INADDR_ANY, and a UDP request
    may be responded to with a different source address (different
    from the interface address the original mount was sent to).

    Recently we committed changes that allow you to explicitly
    specify the rendezvous IP address(es) when starting up nfsd. 
    The new option is '-h bindip'.  The nfsd manual page contains
    a description of this new option.  Multiple -h options may be
    specified.

    By using this option when starting up nfsd on the NFS server, you
    should be able to successfully mount from both interface addresses
    (or at least specify a specific interface address to remove any
    possibility of the host changing the selection out from under you).

    If this turns out to be your problem and the -h option fixes it, I
    would like to close the PR report.

    --

    General recommendations:  It is often the case when you have a 
    multi-homed machine that the host is acting as a firewall and NFS is
    being used only through one of the interfaces.  If this is the case
    you definitely want to restrict NFSD's binding to just that interface
    and use ipfw to prevent any NFS packets on the other interface.

    Also note that the latest FreeBSD-stable and FreeBSD-current releases
    are now able to reliably use NFS TCP mounts rather then UDP mounts.  TCP
    mounts are generally more secure then UDP mounts, but it depends on your
    situation.  Performance will be somewhat lower with a TCP mount (but
    performance for both UDP and TCP mounts has improved phenominally in the
    last 6 months so it might be worth it).

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message