Problem with NFS & SMB Bind IP Addresses

mtca

Hello,

On my TN server I've found that the NFS & SMB "Bind IP Address" settings in the Services menu don't seem to work correctly if the NFS & SMB services are set to automatically start on boot.

They will work correctly if:
- NFS and SMB are manually started after boot-up.
- Or, if services are set to autostart, then after boot-up,
both services are turned off, then back on.

Also tried this with one of the datasets that is served by NFS & SMB set to password encryption. In this case, if the NFS & SMB services are turned on after the dataset is unlocked then the IP address bindings work.

For me the workaround of starting NFS & SMB services manually after a boot up is not too bad since I normally have one of the datasets configured for password encryption and need to log on anyway. (Most of the tests for IP bindings were performed with the dataset encryption set to inherited.)

However, other users may be specifying IP address bindings, have not tested them, and do not realize that they are not working as expected.

The server is using a single Ethernet interface and is configured for VLANs.
- Non-VLAN access is used for the TrueNAS GUI and SSH.
- VLANs are used for NFS & SMB access.

When IP bindings fail the NFS and SMB ports are open to any VLAN.
Using netstat shows that the NFS and SMB ports are not bound. (Listening on *.139 *.445, etc)
Port scan of server with nmap shows these ports are open.
Attempting access from a PC that should be blocked, is not blocked.

If I clear the check boxes to autostart NFS & SMB, reboot, then manually start NFS and SMB, netstat shows that the listening ports are bound to the correct IP address.
Port scan from an unauthorized subnet shows the ports are closed.
Attempt to access NFS or SMB fails on PCs that are not on the correct subnet.

TrueNAS version is 13.0-U3.1

TrueNAS is running on a Dell T30 server with:
- Xeon E3-1225v5
- 48 GB RAM (To allow use of a VM. VM not running during these tests.)
- 2x SSD. ada0 - Boot disk 256 GB, ada1 - iocage, VM ZVOL 1 TB
  SSDs use motherboard SATA interfaces
- 4x 4TB Ironwolf drives. da0-da3, configured as RAIDZ2 array
  da0-da3 use LSI 9212 SATA to PCIe adapter card in IT mode
- Ethernet adapters
  - em0 - Motherboard: Intel I219-LM
  - igb0, igb1 - PCIe card: Dual Intel I350 Gb ports
  Repeated tests with both em0 and igb0 as primary physical port. Same results.
  VLANs attached to physical port.

Not sure if I am doing something wrong or have an incorrect expectation of how IP bindings should work.
Please let me know if you have recommendations or questions.

Thank you.
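
A post-boot check for the condition described in this post, as an added example that is not part of the original post: it reads FreeBSD-style `netstat -an` output and reports SMB/NFS listeners that sit on a wildcard or unexpected address. The function name, the audited port list (139, 445, 2049) and the 192.0.2.x / 198.51.100.x addresses are assumptions, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post).
# check_binds ALLOWED_IPS PORTS   (both space-separated lists)
#   Reads `netstat -an` output on stdin (FreeBSD format: addr.port).
#   Prints one line per offending listener and returns 1 if any is found.
check_binds() {
    awk -v allowed="$1" -v ports="$2" '
        BEGIN {
            n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1
            n = split(ports, p, " ");   for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $NF == "LISTEN" {
            la = $4
            # FreeBSD prints addr.port; the port follows the last dot.
            port = la; sub(/.*\./, "", port)
            addr = la; sub(/\.[^.]*$/, "", addr)
            if (!(port in want)) next
            if (addr == "*")        { print "UNBOUND " la; bad = 1 }
            else if (!(addr in ok)) { print "UNEXPECTED " la; bad = 1 }
        }
        END { exit bad }
    '
}

# Constructed sample: listeners as described after an autostart boot.
SAMPLE_AUTOSTART='tcp4       0      0 *.445                  *.*        LISTEN
tcp4       0      0 *.139                  *.*        LISTEN
tcp4       0      0 *.2049                 *.*        LISTEN
tcp4       0      0 192.0.2.10.22          *.*        LISTEN'

# Constructed sample: listeners after the services are restarted by hand.
SAMPLE_MANUAL='tcp4       0      0 198.51.100.10.445      *.*        LISTEN
tcp4       0      0 198.51.100.10.139      *.*        LISTEN
tcp4       0      0 198.51.100.10.2049     *.*        LISTEN
tcp4       0      0 192.0.2.10.22          *.*        LISTEN'

# Assumed bind address (the storage VLAN) and assumed ports to audit.
BIND_IPS="198.51.100.10"
PORTS="139 445 2049"

# Demo on the constructed data; on a live host pipe in `netstat -an -p tcp`.
printf '%s\n' "$SAMPLE_AUTOSTART" | check_binds "$BIND_IPS" "$PORTS" \
    || echo "bind addresses NOT applied"
printf '%s\n' "$SAMPLE_MANUAL" | check_binds "$BIND_IPS" "$PORTS" \
    && echo "bind addresses applied"
```

Run from a post-init task or cron job, a non-zero return gives an alert when the services came up listening on every address.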
 