Re: statd not binding to outgoing-port
On Sat, 2006-04-15 at 09:05 -0500, Hugo Vanwoerkom wrote:
> Sumo Wrestler (or just ate too much) wrote:
> > Hugo Vanwoerkom wrote:
> >> Hi,
> >> In according to:
> >> http://nfs.sourceforge.net/nfs-howto/security.html#FIREWALLS
> >> one way to force statd to fixed ports is with the -p and -o options.
> >> So I added
> >> STATDOPTS="-p 854 -o 856"
> >> to /etc/init.d/nfs-common.
> >> [...]
> > Did you add that line before the invoking of /etc/default/nfs-common or
> > after. Perhaps you should examine /etc/default/nfs-common, as that might
> > be a better place for your settings.
> > Note: I've never explicitly used rpc.statd or nfs. I just looked at the
> > scripts on my system.
> > /etc/init.d/nfs-common has code to invoke /etc/default/nfs-common.
> > /etc/default/nfs-common sets STATDOPTS. If you set STATDOPTS before the
> > invokation of /etc/default/nfs-common, your settings will be lost.
> Good point. Thanks. I completely forgot to look at
> /etc/default/nfs-common. Let me try it again.
I've been working with NFS this weekend and had some fun with the ports
too. Now I have everything on a fixed port so nfs will work through the
firewall. I have the following in my docs:
in /etc/defaults/nfs-* (common and kernel-server) you can set the ports
for the daemons (as noted before) except for lockd. I've found that this
can be fixed by putting the ports in /proc/sys/fs/nfs/nlm_*
(tcpport/udpport) and restarting the nfs-server. A fix to the
init-script of the nfs-server should take care of this.
Philippe De Ryck