2006-09-13 17:46:49

by Maurice Volaski

Subject: [Q] Why is my NFSv4 client trying to contact the portmapper?

From where I can find documentation on NFSv4, it seems that only one
TCP port 2049 should be being used and the portmapper is no longer
used. Examples include

http://www.vanemery.com/Linux/NFSv4/NFSv4-no-rpcsec.html
and
http://nfsv4.bullopensource.org/doc/NFS3_NFS4_migration.pdf

But that doesn't seem to be the reality. I'm trying to mount a Gentoo
Linux server from a Gentoo Linux client (sudo mount -t nfs4
thewarehouse:/ /mnt/thewarehouse) and I even recompiled the client's
kernel to support only NFSv4 and I'm seeing this message on the
server end:

[portmap] connect from 129.98.90.163 to getport(nfs): request from
unauthorized host

So it appears the portmapper and TCP 111 is required after all.
What's going on?


(other keywords: firewall, iptables, tcpwrappers, hosts.allow)
--

Maurice Volaski, [email protected]
Computing Support, Rose F. Kennedy Center
Albert Einstein College of Medicine of Yeshiva University

_______________________________________________
NFS maillist - [email protected]
https://lists.sourceforge.net/lists/listinfo/nfs


2006-09-14 13:51:11

by Trond Myklebust

Subject: Re: [Q] Why is my NFSv4 client trying to contact the portmapper?

On Wed, 2006-09-13 at 13:44 -0400, Maurice Volaski wrote:
> From where I can find documentation on NFSv4, it seems that only one
> TCP port 2049 should be being used and the portmapper is no longer
> used. Examples include
>
> http://www.vanemery.com/Linux/NFSv4/NFSv4-no-rpcsec.html
> and
> http://nfsv4.bullopensource.org/doc/NFS3_NFS4_migration.pdf
>
> But that doesn't seem to be the reality. I'm trying to mount a Gentoo
> Linux server from a Gentoo Linux client (sudo mount -t nfs4
> thewarehouse:/ /mnt/thewarehouse) and I even recompiled the client's
> kernel to support only NFSv4 and I'm seeing this message on the
> server end:
>
> [portmap] connect from 129.98.90.163 to getport(nfs): request from
> unauthorized host
>
> So it appears the portmapper and TCP 111 is required after all.
> What's going on?

Are you using rpcsec_gss? The rpc.gssd daemon appears to never set the
port in create_auth_rpc_client(). It therefore will require a portmap
lookup.

Cheers,
Trond



2006-09-14 17:09:31

by Maurice Volaski

Subject: Re: [Q] Why is my NFSv4 client trying to contact the portmapper?

> > So it appears the portmapper and TCP 111 is required after all.
>> What's going on?
>
>Are you using rpcsec_gss? The rpc.gssd daemon appears to never set the

No, neither computer even has the rpcsec_gss stuff installed.
--

Maurice Volaski, [email protected]
Computing Support, Rose F. Kennedy Center
Albert Einstein College of Medicine of Yeshiva University


2006-09-14 17:47:06

by Trond Myklebust

Subject: Re: [Q] Why is my NFSv4 client trying to contact the portmapper?

On Thu, 2006-09-14 at 13:07 -0400, Maurice Volaski wrote:
> > > So it appears the portmapper and TCP 111 is required after all.
> >> What's going on?
> >
> >Are you using rpcsec_gss? The rpc.gssd daemon appears to never set the
>
> No, neither computer even has the rpcsec_gss stuff installed.

All I can say, then, is that this works for me. The portmapper does
still need to be installed in order to let the servers register, but
that only means that you need to allow access from the loopback address:
127.0.0.1.

Note that the client needs a portmapper to be listening on 127.0.0.1
too, since it will attempt to register the NFSv4 callback channel as an
RPC service. This rather unnecessary requirement will hopefully
disappear when we fix the kernel RPC server code.

Cheers,
Trond



2006-09-14 20:43:06

by Maurice Volaski

Subject: Re: [Q] Why is my NFSv4 client trying to contact the portmapper?

>On Thu, 2006-09-14 at 13:07 -0400, Maurice Volaski wrote:
>> > > So it appears the portmapper and TCP 111 is required after all.
>> >> What's going on?
>> >
>> >Are you using rpcsec_gss? The rpc.gssd daemon appears to never set the
>>
>> No, neither computer even has the rpcsec_gss stuff installed.
>
>All I can say, then, is that this works for me.

Well, the only reason it does not work for me is simply because I
have 111 blocked on the server. If I allow it through, nfs does
indeed work. But the documentation appears to be claiming that ALL
client-server communication takes place over 2049. Is it just a
documentation bug?

Here the mount command on the client attempts to access the
portmapper of the server on port 111:

Sep 14 12:23:34 matrix [17193703.828000] nfs outputIN= OUT=eth0
SRC=129.98.90.163 DST=129.98.90.11 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=33189 DF PROTO=TCP SPT=60446 DPT=111 WINDOW=5840 RES=0x00 SYN
URGP=0
--

Maurice Volaski, [email protected]
Computing Support, Rose F. Kennedy Center
Albert Einstein College of Medicine of Yeshiva University
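
One way to check a firewall log for what the message above shows, as an added example that is not part of the original thread: it rejoins netfilter LOG entries that were wrapped across lines and reports which services (portmapper on 111, NFS on 2049) each client opened TCP connections to. The second sample entry and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# First entry: the log line from the post, wrapped as the mail client wrapped it.
# Second entry: constructed for this example (a connection to the NFS port).
SAMPLE = """\
Sep 14 12:23:34 matrix [17193703.828000] nfs outputIN= OUT=eth0
SRC=129.98.90.163 DST=129.98.90.11 LEN=60 TOS=0x00 PREC=0x00 TTL=64
ID=33189 DF PROTO=TCP SPT=60446 DPT=111 WINDOW=5840 RES=0x00 SYN
URGP=0
Sep 14 12:23:35 matrix [17193704.101000] nfs outputIN= OUT=eth0 SRC=129.98.90.163 DST=129.98.90.11 LEN=60 PROTO=TCP SPT=801 DPT=2049 WINDOW=5840 RES=0x00 SYN URGP=0
"""

SERVICES = {111: "portmapper", 2049: "nfs"}
ENTRY_START = re.compile(r"^[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d\s")  # syslog timestamp
FIELD = re.compile(r"([A-Z]+)=(\S*)")                                 # KEY=value pairs
FLAG = re.compile(r"(?:^|\s)(SYN|ACK|FIN|RST|PSH|URG)(?=\s|$)")       # bare TCP flags

def join_wrapped(text):
    """Rejoin entries wrapped across lines; a syslog timestamp starts a new entry."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def parse_entry(entry):
    """Return the KEY=value fields of one LOG entry plus the set of TCP flags."""
    fields = dict(FIELD.findall(entry))
    fields["FLAGS"] = set(FLAG.findall(entry))
    return fields

def services_contacted(text):
    """Map (src, dst) -> sorted services the source opened new TCP connections to."""
    seen = defaultdict(set)
    for entry in join_wrapped(text):
        f = parse_entry(entry)
        if f.get("PROTO") != "TCP" or f["FLAGS"] != {"SYN"}:
            continue  # count only initial connection attempts (SYN without ACK)
        seen[(f["SRC"], f["DST"])].add(SERVICES.get(int(f.get("DPT", 0)), "other"))
    return {pair: sorted(names) for pair, names in seen.items()}

if __name__ == "__main__":
    for (src, dst), names in services_contacted(SAMPLE).items():
        print(f"{src} -> {dst}: {', '.join(names)}")
```
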
