Date: Sat, 19 Jun 2004 15:44:32 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Bruce Hunter <bhunter@solisix.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: NFS Port
Message-ID: <20040619144432.GA45261@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <1087233657.662.2.camel@solid.solisixoffice.com>
References: <1087233657.662.2.camel@solid.solisixoffice.com>

On Mon, Jun 14, 2004 at 01:20:57PM -0400, Bruce Hunter wrote:

> I am able to connect to my NFS system like so
> mount 192.168.1.14:/home/NFSave /mnt/coreserver
>
> I want to connect from outside my network, like when I'm at school. What
> port(s) does NFS run off. I have to do port forwarding on my
> Router/Firewall.

Look at mountd(8) for the server side of managing NFS -- use the '-p'
options to specify a port to listen on for NFS mount requests. Port
2049 is the traditional port number for NFS, but portmap(8) generally
only treats that as a guideline, so unless you force it, NFS can use
just about any high numbered port.

Make sure you firewall off port 111 very carefully on any system
running portmap(8) [4.x] or rpcbind(8) [5.x] -- (same program, just
renamed between system versions) exposed to the Internet. RPC is a
favourite and generally very fruitful attack vector.

On the client, you will need to use tcp as the transport -- not all
clients will support that -- and you can specify what port to contact
the server on in /etc/fstab, thus bypassing the usual portmapper
procedure. See the descriptions of the '-T' and '-o port' options in
mount_nfs(8).

As others have mentioned, this would be a good situation in which to
use an IPSEC tunnel or similar between server and client -- NFS
traffic is vulnerable to snooping and exposes the contents of your
hard drive.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040619144432.GA45261>
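
An added example, not part of the original message: a check of `rpcinfo -p` output that confirms mountd and nfs are on the TCP ports you pinned and lists the portmapper listeners that must stay firewalled. The pinned port 4046 and the sample listing are constructed for illustration; the RPC program numbers (100000, 100003, 100005) are the standard ones.

```shell
#!/bin/sh
# Added example. Reads `rpcinfo -p` style output on stdin and checks the RPC
# programs discussed in the message:
#   100000 portmap/rpcbind (port 111), 100003 nfs, 100005 mountd.
# $1 = TCP port mountd was pinned to with -p (assumed value, chosen by the admin).
# Exit status is 1 if nfs or mountd is not on the expected TCP port.
audit_rpc_ports() {
    awk -v want_mountd="$1" '
        function check(name, port, want) {
            if (port == want) { print "OK " name "/tcp " port; return }
            print "DRIFT " name "/tcp " port " (expected " want ")"
            bad = 1
        }
        $1 !~ /^[0-9]+$/ { next }              # skip header and junk lines
        { key = $1 "/" $3 "/" $4 }             # program/proto/port
        seen[key]++  { next }                  # one entry per RPC version: dedupe
        $1 == 100000 { print "BLOCK rpcbind/" $3 " " $4; next }
        $3 != "tcp"  { next }                  # only the TCP transport is forwarded
        $1 == 100003 { check("nfs", $4, 2049) }
        $1 == 100005 { check("mountd", $4, want_mountd) }
        END { exit bad + 0 }
    '
}

# Constructed sample: mountd was left to the portmapper and landed on 871.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    1   tcp    871  mountd
    100005    3   tcp    871  mountd
    100005    3   udp    918  mountd
EOF
}

# Demo on the sample; on a live server: rpcinfo -p | audit_rpc_ports 4046
sample_rpcinfo | audit_rpc_ports 4046 || echo "attention needed"
```

A DRIFT line means the port forwarded on the router will not match what the server is actually listening on until mountd is restarted with the pinned port.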