Wednesday, October 5, 2011

NFS Ports


Ports
=====
The ports used by the RPC-based NFS services can be listed with:

$ rpcinfo -p

While NFS uses port 2049 and portmapper uses port 111,
the underlying RPC services use a variety of ports,
which by default are randomly assigned as part of the Sun specs.

rpc.statd :
A daemon that listens for reboot notifications from other hosts,
and manages the list of hosts to be notified when the local system reboots.

If the -p option is not specified,
rpc.statd chooses a random ephemeral port for each listener socket.

-o, --outgoing-port
Specifies the source port number
the NFS server uses to send reboot notifications.

rpc.mountd :
The rpc.mountd program implements the NFS mount protocol.
The -p option forces rpc.mountd to bind to the specified port number,
instead of using the random port number assigned by the portmapper.

Fix Ports
=======
/etc/default/nfs-common
STATDOPTS="-p 32765 -o 32766"


/etc/default/nfs-kernel-server
RPCMOUNTDOPTS="-p 32767"
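
A check that the settings above took effect, as an added example (not part of the original post): it parses rpcinfo -p output and reports every service that is not on its pinned port, which is what a firewall allow-list built from these numbers depends on. The listing is a constructed sample, and the names EXPECTED, sample_rpcinfo and check_ports are hypothetical; nlockmgr appears in the sample as a service the options above do not pin.

```shell
#!/bin/sh
# Ports this page pins or names: portmapper 111, nfs 2049,
# status (rpc.statd -p 32765), mountd (rpc.mountd -p 32767).
# The statd -o port (32766) is an outgoing source port, so it is
# not registered with the portmapper and is not checked here.
EXPECTED="portmapper=111 nfs=2049 status=32765 mountd=32767"

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
# It deliberately contains one unpinned service and one wrong port.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   tcp  45873  nlockmgr
    100005    3   udp  51234  mountd
    100005    3   tcp  32767  mountd
EOF
}

# check_ports: reads `rpcinfo -p` output on stdin and prints one line per
# service/proto/port that deviates from EXPECTED. Returns 1 if any deviate.
check_ports() {
  awk -v expected="$EXPECTED" '
    BEGIN {
      bad = 0
      n = split(expected, pairs, " ")
      for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
    }
    NR == 1 && $1 == "program" { next }   # header row
    NF < 5 { next }                       # rows without a service name
    {
      key = $5 "/" $3 "/" $4
      if (key in seen) next               # one row per RPC version; report once
      seen[key] = 1
      if (!($5 in want))       { print "UNPINNED " $5 " " $3 " " $4; bad = 1 }
      else if ($4 != want[$5]) { print "MISMATCH " $5 " " $3 " " $4 " want " want[$5]; bad = 1 }
    }
    END { exit bad }
  '
}

# On a real server: rpcinfo -p | check_ports
sample_rpcinfo | check_ports || echo "rpcinfo output deviates from the pinned ports"
```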


Sample mounting options
===================
mount -v -t nfs -o proto=tcp,port=2049,mountport=32767 {Server-IP or Server Name}:/path/to/public /local/mount/directory

'man nfs' for more info


Configuring port forwarding with Virtualbox NAT for NFS Server
==============================================
As the virtual machine is connected to a private network internal to VirtualBox and invisible to the host,
network services on the guest are not accessible to the host machine or to other computers on the same network.
However, like a physical router, VirtualBox can make selected services available to the world outside the guest through port forwarding.
This means that VirtualBox listens to certain ports on the host and resends all packets which arrive there to the guest, on the same or a different port.

VBoxManage modifyvm "VM name" --natpf1 "guestnfs,tcp,,2049,,2049"
VBoxManage modifyvm "VM name" --natpf1 "gueststatd,tcp,,32765,,32765"
VBoxManage modifyvm "VM name" --natpf1 "guestnotify,tcp,,32766,,32766"
VBoxManage modifyvm "VM name" --natpf1 "guestmountd,tcp,,32767,,32767"

The NFS client can use the standard NFS port number of 2049 without first checking the server's rpcbind service.
This allows an NFS version 4 client to contact an NFS version 4 server through a firewall that may block rpcbind requests.

Ref:
man rpc.statd
man rpc.mountd
man nfs
http://happylilypad.com/blog/index.php?/archives/37-Setup-NFS-on-Debian-particularly-configure-the-firewall.html
http://www.virtualbox.org/manual/ch06.html#natforward
http://www.linuxquestions.org/questions/linux-security-4/firewall-blocking-nfs-even-though-ports-are-open-294069/
