Fixing the port for mountd NFS service

fahadshery

Hi,

I am accessing NFS shares behind a pfSense Firewall.
I have already opened ports:
TCP/UDP 111/2049
But every time I reboot my server the port for mountd changes.
I then have to run rpcinfo -p and then look for the new port number against mountd and then change it in the FW. It's annoying!!

How do I fix it?
Are there any tunables, or do I need to put something in the rc.conf?

I would prefer a tunable.
 

jgreco

There are several IP- and port-related things which should probably be locked down for use with NFS service; the automated provisioning system we use here has the following bits included to help generate appropriate rc.conf files suitable for use with firewalls. The code itself is not helpful to you, but may include some other clues to help you out, such as the need to bind ports on the client side as well.

Code:
                nfsbindopt=""
                # nfsserver / nfsclient are expected to hold "true" or "false";
                # compare as strings so an unset variable does not count as true
                if [ "${nfsserver}" = "true" ]; then
                        # Optionally define nfsbindips to bind to specific ip addresses
                        for i in ${nfsbindips}; do
                                nfsbindopt="${nfsbindopt} -h ${i}"
                        done
                        nfsserveropt=""
                        if [ -n "${nfsserverflags}" ]; then
                                nfsserveropt="${nfsserveropt} ${nfsserverflags}"
                        fi
                        echo ""
                        echo "nfs_server_enable=\"YES\""
                        echo "nfs_server_flags=\"-t${nfsbindopt}${nfsserveropt}\""
                        echo ""
                        # Pin mountd to a fixed port so the firewall rule survives reboots
                        echo "mountd_flags=\"-r -p 4046${nfsbindopt}\""
                fi
[...]
                # rpcbind, lockd and statd are needed on servers and clients alike
                if [ "${nfsserver}" = "true" ] || [ "${nfsclient}" = "true" ]; then
                        echo ""
                        echo "rpcbind_enable=\"YES\""
                        echo ""
                        # Fixed ports for the lock manager and status monitor
                        echo "rpc_lockd_enable=\"YES\""
                        echo "rpc_lockd_flags=\"-p 4045${nfsbindopt}\""
                        echo ""
                        echo "rpc_statd_enable=\"YES\""
                        echo "rpc_statd_flags=\"-p 4047${nfsbindopt}\""
                fi


Please remember that running NFS through a firewall is probably dangerous and foolish if the traffic ends up on the public Internet.
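
Added example, not part of the original posts or of the provisioning system quoted above: a check that reads `rpcinfo -p` output and reports any NFS-related RPC service registered on a port other than the pinned one, so firewall rules and the server can be compared after a reboot. The function names and the sample listings are constructed for illustration; the port numbers are the ones used in this thread.

```shell
#!/bin/sh
# Expected port per service name as printed by `rpcinfo -p`.
# 4045/4046/4047 come from the rc.conf flags in the post above;
# 111 and 2049 are the ports the original poster already opened.
EXPECTED="rpcbind=111 nfs=2049 nlockmgr=4045 mountd=4046 status=4047"

# check_rpc_ports: read `rpcinfo -p` output on stdin. Print one DRIFT line per
# registration on an unexpected port and one MISSING line per expected service
# that is not registered. Exit status is 0 only when nothing is reported.
check_rpc_ports() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            n = split(expected, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
        }
        # Data rows start with the numeric program id; the header row does not.
        $1 ~ /^[0-9]+$/ && ($5 in want) {
            seen[$5] = 1
            if ($4 != want[$5]) {
                printf "DRIFT %s/%s on port %s, expected %s\n", $5, $3, $4, want[$5]
                bad = 1
            }
        }
        END {
            for (s in want) if (!(s in seen)) { printf "MISSING %s\n", s; bad = 1 }
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample: a server with every service on its pinned port.
sample_pinned() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100003    3   tcp   2049  nfs
    100005    3   udp   4046  mountd
    100005    3   tcp   4046  mountd
    100021    4   tcp   4045  nlockmgr
    100024    1   tcp   4047  status
EOF
}

# Constructed sample: same server after mountd picked a different port.
sample_drifted() { sample_pinned | sed 's/4046  mountd/ 871  mountd/'; }

# Demo on the constructed data; on a live host: rpcinfo -p | check_rpc_ports
sample_drifted | check_rpc_ports || true
```
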
 

fahadshery

Thanks for this, but my TN instance along with other VMs is not public facing. They are internal to my network. I have seen some very old posts where people were suggesting to fix these ports using tunables, but I'm not sure how to set those up.
 

jgreco

Whether or not it is public facing, the stuff you need in rc.conf{,.local} is the same.
 