2003-08-27 20:12:27

by Raphael Clifford

Subject: solaris server and firewalls

Hi,

I am trying to mount a solaris nfs server from my linux client. The
problem is how to do this without effectively disabling the linux firewall.

I understand that the official Sun solution for Sun clients is to mount
using the -o public option. However, I can't find any support for this
in linux. I have copied a section of the man page below for completeness
that describes what this option does. My questions are
a) What can I do?
b) Could the answer be added to the firewall section of the HOWTO. It
must be a common situation. Where I work, for example, there are
hundreds of linux clients per Solaris server.

Cheers,
Raphael

------- excerpt from Solaris man page --------------

URLs and the public option
If the public option is specified, or if the resource
includes an NFS URL, mount will attempt to connect to
the server using the public file handle lookup protocol.
See Internet RFC 2054 - WebNFS Client Specification.
If the server supports the public file handle,
the attempt is successful; mount will not need to contact
the server's rpcbind(1M), and the mountd(1M) daemons
to get the port number of the mount server and
the initial file handle of pathname, respectively. If
the NFS client and server are separated by a firewall
that allows all outbound connections through specific
ports, such as NFS_PORT, then this enables NFS operations
through the firewall. The public option and the
NFS URL can be specified independently or together.
They interact as specified in the following matrix:
[...]

and from the Solaris docs


How to Mount an NFS File System Through a Firewall

1. Become superuser.

2. Manually mount the file system, using a command like:

# mount -F nfs -o public bee:/export/share/local /mnt

In this example the file system /export/share/local is mounted on
the local client using the public file handle. An NFS URL can be
used instead of the standard path name. If the public file handle
is not supported by the server bee, the mount operation will fail.

Note - This procedure requires that the file system on the NFS server be
shared using the public option and any firewalls between the
client and the server allow TCP connections on port 2049. Starting
with the 2.6 release, all file systems that are shared allow for
public file handle access.






-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs
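
To illustrate the man page excerpt quoted in the message above (an added example, not part of the original post and not code from any mount implementation): under RFC 2054 the client's first request is an ordinary NFS LOOKUP sent straight to TCP port 2049 with the public file handle, so rpcbind and mountd are never contacted. The sketch builds and decodes that NFSv3 call offline; the AUTH_NONE credential, the xid value and the function names are assumptions made for this example.

```python
import struct

NFS_PROGRAM = 100003      # ONC RPC program number of NFS
NFS_PORT = 2049           # the only port the firewall has to let out
NFSPROC3_LOOKUP = 3       # LOOKUP procedure number in NFS version 3

def xdr_opaque(data: bytes) -> bytes:
    """XDR variable-length opaque: length word, data, zero padding to 4 bytes."""
    return struct.pack(">I", len(data)) + data + b"\x00" * (-len(data) % 4)

def public_lookup_call(path: str, xid: int = 1) -> bytes:
    """Build the NFSv3 LOOKUP that replaces the rpcbind + mountd exchange."""
    # RPC call header: xid, CALL (0), RPC version 2, program, version, procedure
    header = struct.pack(">6I", xid, 0, 2, NFS_PROGRAM, 3, NFSPROC3_LOOKUP)
    # Credential and verifier, both AUTH_NONE (flavor 0, empty body): an
    # assumption to keep this short; a real client would typically send AUTH_SYS.
    auth = struct.pack(">4I", 0, 0, 0, 0)
    public_fh = xdr_opaque(b"")   # RFC 2054: the v3 public file handle has zero length
    # Multi-component lookup: the whole path travels as the LOOKUP name.
    # A leading 0x80 octet marks it as a native (server-syntax) path.
    name = xdr_opaque(b"\x80" + path.encode("ascii"))
    msg = header + auth + public_fh + name
    # RPC over TCP record marking: high bit = last fragment, low 31 bits = length
    return struct.pack(">I", 0x80000000 | len(msg)) + msg

def decode_lookup_call(record: bytes) -> dict:
    """Parse a record built above, as a firewall or IDS rule author would."""
    (mark,) = struct.unpack(">I", record[:4])
    body = record[4:]
    if not mark & 0x80000000 or (mark & 0x7FFFFFFF) != len(body):
        raise ValueError("bad record mark")
    _xid, _type, _rpcvers, prog, vers, proc = struct.unpack(">6I", body[:24])
    (fh_len,) = struct.unpack(">I", body[40:44])
    off = 44 + fh_len + (-fh_len % 4)
    (name_len,) = struct.unpack(">I", body[off:off + 4])
    name = body[off + 4:off + 4 + name_len]
    return {"program": prog, "version": vers, "procedure": proc,
            "fh_length": fh_len, "native_path": name[:1] == b"\x80",
            "path": name[1:].decode("ascii")}

if __name__ == "__main__":
    call = public_lookup_call("/export/share/local")   # path from the Solaris example
    print(f"{len(call)} bytes to TCP port {NFS_PORT}:", decode_lookup_call(call))
```

The server's reply to this one call carries the file handle that mountd would otherwise have supplied, which is why a client-side rule permitting outbound TCP to port 2049 on the server is enough.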


2003-09-23 13:21:36

by Ion Badulescu

Subject: Re: solaris server and firewalls

On Sun, 14 Sep 2003, Raphael Clifford wrote:

> Ion Badulescu wrote:
>
> >However, as far as I know there is no mount program for Linux that
> >supports WebNFS. Amd tried to implement it at some point, but the idea
> >quickly died off for lack of interest and users. Maybe I'll have another
> >try at it some day, but if you're not using amd anyway then there is no
> >point in wasting my time...
> >
>
> I will happily use anything on the client side that will work. Thanks
> very much for having a look at this. I think a solution would be really
> useful. Especially as the internet is such an unpleasant place at the
> moment it seems a shame to have to open your firewall more than is
> strictly necessary :)

All right, I've implemented support for webnfs mounting in the latest beta
(b4) of am-utils 6.1. [This could also go into the FAQ, I guess.]

However, if you're not currently using an automounter, switching to amd
could be somewhat of a tall order... It would be nice if webnfs support
was implemented in mount(8), as it's simple enough, but I won't be the one
to do it.

Ion

--
It is better to keep your mouth shut and be thought a fool,
than to open it and remove all doubt.






2003-09-23 15:44:16

by Raphael Clifford

Subject: Re: solaris server and firewalls

Ion Badulescu wrote:

>On Sun, 14 Sep 2003, Raphael Clifford wrote:
>
>
>
>>Ion Badulescu wrote:
>>
>>
>>
>>>However, as far as I know there is no mount program for Linux that
>>>supports WebNFS. Amd tried to implement it at some point, but the idea
>>>quickly died off for lack of interest and users. Maybe I'll have another
>>>try at it some day, but if you're not using amd anyway then there is no
>>>point in wasting my time...
>>>
>>>
>>>
>>I will happily use anything on the client side that will work. Thanks
>>very much for having a look at this. I think a solution would be really
>>useful. Especially as the internet is such an unpleasant place at the
>>moment it seems a shame to have to open your firewall more than is
>>strictly necessary :)
>>
>>
>
>All right, I've implemented support for webnfs mounting in the latest beta
>(b4) of am-utils 6.1. [This could also go into the FAQ, I guess.]
>
>However, if you're not currently using an automounter, switching to amd
>could be somewhat of a tall order... It would be nice if webnfs support
>was implemented in mount(8), as it's simple enough, but I won't be the one
>to do it.
>
>Ion
>
>
>
Ion,

That is fantastic news. Just out of interest, who should I bug about
mount? I couldn't seem to find a suitable maintainer listed anywhere.
Cheers,
Raphael





2003-09-23 18:08:52

by Ion Badulescu

Subject: Re: solaris server and firewalls

On Tue, 23 Sep 2003, Raphael Clifford wrote:

> That is fantastic news. Just out of interest, who should I bug about
> mount? I couldn't seem to find a suitable maintainer listed anywhere.

From /usr/share/doc/util-linux-xxx/README.mount:

mount/umount for Linux 0.97.3 and later.
Authors:
Doug Quale <[email protected]>,
H.J. Lu <[email protected]>,
Rick Sladkey <[email protected]>,
Stephen Tweedie <[email protected]>.

Presently maintained by Andries Brouwer <[email protected]>.
Ftp site: ftp.win.tue.nl:/pub/linux/utils/util-linux


Red Hat separates mount from util-linux in their RPM's, but they come from
the same package (util-linux) originally.

Ion

--
It is better to keep your mouth shut and be thought a fool,
than to open it and remove all doubt.




2003-09-09 06:45:44

by Raphael Clifford

Subject: Re: solaris server and firewalls

Hi,

Is it safe to assume that

a) There is no solution for using linux with solaris nfs servers with
respect to the linux firewall and
b) There is no project working on this problem?

If so, would it be a good idea to add this to the HOWTO?

Cheers,
Raphael


Raphael Clifford wrote:

> Hi,
>
> I am trying to mount a solaris nfs server from my linux client. The
> problem is how to do this without effectively disabling the linux
> firewall.
>
> I understand that the official Sun solution for Sun clients is to
> mount using the -o public option. However, I can't find any support
> for this in linux. I have copied a section of the man page below for
> completeness that describes what this option does. My questions are
> a) What can I do?
> b) Could the answer be added to the firewall section of the HOWTO. It
> must be a common situation. Where I work, for example, there are
> hundreds of linux clients per Solaris server.
>
> Cheers,
> Raphael
>
> ------- excerpt from Solaris man page --------------
>
> URLs and the public option
> If the public option is specified, or if the resource
> includes an NFS URL, mount will attempt to connect to
> the server using the public file handle lookup protocol.
> See Internet RFC 2054 - WebNFS Client Specification.
> If the server supports the public file handle,
> the attempt is successful; mount will not need to contact
> the server's rpcbind(1M), and the mountd(1M) daemons
> to get the port number of the mount server and
> the initial file handle of pathname, respectively. If
> the NFS client and server are separated by a firewall
> that allows all outbound connections through specific
> ports, such as NFS_PORT, then this enables NFS operations
> through the firewall. The public option and the
> NFS URL can be specified independently or together.
> They interact as specified in the following matrix:
> [...]
>
> and from the Solaris docs
>
>
> How to Mount an NFS File System Through a Firewall
>
> 1. Become superuser.
>
> 2. Manually mount the file system, using a command like:
>
> # mount -F nfs -o public bee:/export/share/local /mnt
>
> In this example the file system /export/share/local is mounted on
> the local client using the public file handle. An NFS URL can be
> used instead of the standard path name. If the public file handle
> is not supported by the server bee, the mount operation will fail.
>
> Note - This procedure requires that the file system on the NFS server be
> shared using the public option and any firewalls between the
> client and the server allow TCP connections on port 2049. Starting
> with the 2.6 release, all file systems that are shared allow for
> public file handle access.
>

2003-09-12 12:33:21

by Ion Badulescu

Subject: Re: solaris server and firewalls

On Mon, 08 Sep 2003 12:09:41 +0100, Raphael Clifford <[email protected]> wrote:

> Is it safe to assume that
>
> a) There is no solution for using linux with solaris nfs servers with
> respect to the linux firewall and
> b) There is no project working on this problem?

What you need here is a mount program that understands WebNFS. No change
is required for the kernel.

However, as far as I know there is no mount program for Linux that
supports WebNFS. Amd tried to implement it at some point, but the idea
quickly died off for lack of interest and users. Maybe I'll have another
try at it some day, but if you're not using amd anyway then there is no
point in wasting my time...

> If so, would it be a good idea to add this to the HOWTO?

Probably.

Ion
[amd co-maintainer]

--
It is better to keep your mouth shut and be thought a fool,
than to open it and remove all doubt.



2003-09-14 18:32:57

by Raphael Clifford

Subject: Re: solaris server and firewalls

Ion Badulescu wrote:

>On Mon, 08 Sep 2003 12:09:41 +0100, Raphael Clifford <[email protected]> wrote:
>
>
>
>>Is it safe to assume that
>>
>>a) There is no solution for using linux with solaris nfs servers with
>>respect to the linux firewall and
>>b) There is no project working on this problem?
>>
>>
>
>What you need here is a mount program that understands WebNFS. No change
>is required for the kernel.
>
>

Thanks.

>However, as far as I know there is no mount program for Linux that
>supports WebNFS. Amd tried to implement it at some point, but the idea
>quickly died off for lack of interest and users. Maybe I'll have another
>try at it some day, but if you're not using amd anyway then there is no
>point in wasting my time...
>
>

I will happily use anything on the client side that will work. Thanks
very much for having a look at this. I think a solution would be really
useful. Especially as the internet is such an unpleasant place at the
moment it seems a shame to have to open your firewall more than is
strictly necessary :)

>
>
>>If so, would it be a good idea to add this to the HOWTO?
>>
>>
>
>Probably.
>
>Ion
>[amd co-maintainer]
>
>
>
Cheers,
Raphael



