kern/147940: [nfs] mounting >1k TCP-NFS mounts fails

John Baldwin jhb at freebsd.org
Tue Jul 20 14:50:03 UTC 2010


The following reply was made to PR kern/147940; it has been noted by GNATS.

From: John Baldwin <jhb at freebsd.org>
To: bug-followup at freebsd.org,
 rs at bytecamp.net
Cc:  
Subject: Re: kern/147940: [nfs] mounting >1k TCP-NFS mounts fails
Date: Tue, 20 Jul 2010 10:42:37 -0400

 There are a limited number of privileged ports on a client, only 1k, and some 
 of those ports are used for other services, so you certainly cannot mount 1k 
 TCP NFS mounts unless you disable the privileged port check on the server.
 
 nfs_privport=0 is not necessarily a risk if you trust all machines that are 
 able to connect to your NFS server (e.g. you manage all the clients and the 
 server is on a LAN or WAN and not directly connected to the Internet).  Even 
 with nfs_privport=1 you are still trusting root on any client machines, 
 nfs_privport=0 only prevents non-root users on client machines from 
 establishing mounts.
 
 However, this isn't a bug, this is just the way IP works, and as a result, the 
 way that NFS mounts work.  -N for the UDP mounts is effectively similar to 
 having nfs_privport set to 0.  I'm not sure exactly how it works (perhaps it 
 requires the mount request to be privileged, but not the normal RPC traffic?), 
 but that is why it is "working".
 
 -- 
 John Baldwin
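
Added example, not part of the original message: a server-side audit that reports, per client, how many established NFS connections come from reserved source ports (below 1024) and how many do not, which shows which clients depend on the privileged port check being disabled. It assumes FreeBSD's `netstat -an -p tcp` column layout and NFS on TCP port 2049; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
NFS_PORT=2049        # assumption: NFS served on the standard TCP port
RESERVED_MAX=1023    # ports below 1024 can only be bound by root on the client

# Reads `netstat -an -p tcp` output on stdin and prints one line per client:
#   <client-address> reserved=<n> unreserved=<n>
audit_nfs_ports() {
    awk -v nfs="$NFS_PORT" -v max="$RESERVED_MAX" '
    # FreeBSD netstat prints endpoints as address.port; split at the last dot.
    function port(a) { sub(/.*\./, "", a); return a + 0 }
    function host(a) { sub(/\.[0-9]+$/, "", a); return a }
    # Only established connections whose local side is the NFS port.
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" && port($4) == nfs {
        c = host($5)
        seen[c] = 1
        if (port($5) <= max) res[c]++; else unres[c]++
    }
    END {
        for (c in seen)
            printf "%s reserved=%d unreserved=%d\n", c, res[c], unres[c]
    }' | LC_ALL=C sort
}

# Constructed sample input in the netstat layout assumed above.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.2049        192.0.2.21.1021        ESTABLISHED
tcp4       0      0 192.0.2.10.2049        192.0.2.21.1019        ESTABLISHED
tcp4       0      0 192.0.2.10.2049        192.0.2.22.50311       ESTABLISHED
tcp4       0      0 192.0.2.10.22          192.0.2.22.50400       ESTABLISHED
tcp4       0      0 *.2049                 *.*                    LISTEN
EOF
}

# Demo run on the constructed sample; on a server, pipe real netstat output in.
sample_netstat | audit_nfs_ports
```

On a live server the same function would be fed with `netstat -an -p tcp | audit_nfs_ports`. Clients showing a non-zero `unreserved` count would lose those connections if the privileged port check were turned on.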

